1. Definitions

Capitalized terms utilized in this Agreement and not defined herein shall have the meaning set forth in the Vercel Terms of Service located at https://vercel.com/legal/terms if Developer has a Hobby or Pro subscription or the Vercel Terms of Service for Enterprise at https://vercel.com/legal/enterprise-terms if Developer has an Enterprise subscription, if the applicable terms that Vercel and Developer executed in writing (the "Terms").

"Marks" means the trade names, trademarks, service marks, logos, domain names, and other distinctive Marks of each party, respectively, as owned (or licensed) by such party from time to time.

"Developer" means you, and you are the company or individual who has created the software, content, and digital materials for use in connection with Vercel and accessible via Marketplace.

"Developer Application" means the software, content and digital materials created by You for use in connection with the Vercel platform and accessible via Marketplace.

"End User" means any person, company or other legal entity that will acquire licenses to Developer Application via the Vercel Marketplace.

"Vercel API" means Vercel's proprietary application program interface. Access to and use of the Vercel API is governed by the Terms.

"Vercel Marketplace" or "Marketplace" means the proprietary online marketplace operated by Vercel where Developer Applications may be delivered to End Users.

"Listing" means the content provided for listing the Developer Application on Vercel Marketplace. References to a Listing include the Developer Application itself.

"Personal Data" means "personal data", "personal information", "personally identifiable information" or similar information defined in and governed by applicable laws and regulations.

"Marketplace Data" means, collectively, the Personal Data and the Usage Data.

"Usage Data" means Marketplace related data generated in connection with End User use of Vercel Marketplace and licensure of Developer Applications, including but not limited to usage statistics and aggregated licensing data.

2. Licenses and Intellectual Property

2.1 This Agreement sets forth the terms and conditions pursuant to which Developer may publish Listings on Vercel Marketplace for the license and/or purchase of Developer Applications by End Users and use in connection with the Vercel platform. This Agreement is applicable to Developer Applications distributed for free only and Developer Applications will not be made available on the Marketplace for a fee. Developer agrees to use the Vercel Marketplace solely for purposes permitted by the Terms, this Agreement and as otherwise allowed by applicable law. As between Vercel and Developer, Developer is solely responsible for Developer Applications. The Developer Application shall be built according to Vercel's development guidelines, including but not limited to the technical specifications available at https://vercel.com/docs/integrations/create-integration/submit-integration#technical-specs.

2.2 Developer grants to Vercel a non-exclusive, worldwide, transferable, sublicensable, fully paid-up, royalty-free license to

(a) host, link to, reproduce, modify, publicly perform, publicly display, test, distribute, make available, license and otherwise use the Listing;

(b) reproduce, perform, display, use and access the Listing for administration and demonstration purposes in connection with the operation and marketing of the Marketplace; and

(c) reproduce, display, distribute and otherwise use any Developer Marks furnished by Developer to Vercel under this Agreement solely for use in connection with the Marketplace and in order to fulfill its obligations under the Agreement.

2.3 In addition to the licenses granted above, Vercel may include Developer Marks furnished by Developer to Vercel under this Agreement in any presentations, communications, marketing materials, press releases, customer lists (including, without limitation any customer lists, posted to Vercel websites), publicity campaigns and other advertising collateral for purposes of marketing the Marketplace. If Developer discontinues the distribution of specific Developer Applications on the Marketplace or if this Agreement terminates, Vercel will, after a commercially reasonable period of time, cease use of the discontinued Developer Applications' Marks. Nothing in this Agreement gives Developer a right to use any Vercel Marks; except that provided that Developer abides by Vercel's brand guidelines at https://vercel.com/design/brands. Vercel grants Developer a non-exclusive, non-transferable limited license during the term of this Agreement to use the Vercel Marks to indicate that Developer is part of the Integrations program. All goodwill arising out of Developer's use of the Vercel Marks shall insure to Vercel's benefit. Vercel may elect in its sole discretion to promote certain Developer Applications that meet Vercel's then current eligibility guidelines, but Vercel is not obligated to promote any Developer Applications.

2.4 Developer grants to each End User a non-exclusive, worldwide right or license to perform, display, and use the Developer Applications and any content contained in, accessed by or transmitted through the Developer Applications in connection with the Marketplace. Developer must include: (i) a separate end user license agreement ("EULA") in its Developer Applications that will govern the End User's rights to the Developer Applications which will control in lieu of the foregoing sentence and (ii) a separate privacy policy that accurately discloses all of Developer's collection, use and disclosure of personal information and data and complies with applicable laws and regulations. Each Developer Application may have read/write and other access to End Users' instances of the Vercel platform, including End User Data (as defined in the Data Protection Addendum below), and the EULA and Developer privacy policy shall accurately disclose all such access. Developer must accurately select only those permissions that Developer actually requires with a legal basis for the proper use of the Developer Application in the Vercel Developer console. Developer acknowledges and agrees that the applicable EULA for each Developer Application is solely between Developer and the End User. Vercel shall not be responsible, nor have any liability whatsoever, under any EULA or Developer privacy policy.

2.5 Except for the license rights granted in this Agreement,

(a) Developer retains all rights in the Developer Applications;

(b) each party retains all rights it has independent of this Agreement, including rights under the US Copyright Act or similar laws of other jurisdictions; and

(c) each party owns all rights, title and interest in its respective Marks. Each party is responsible for protecting and enforcing its own respective rights and neither party has an obligation to do so on the other's behalf.

3. Restrictions

Notwithstanding any of the requirements set forth in Section 2 above, Developer acknowledges and agrees that its use of the Marketplace and participation in the Program is explicitly conditioned on Developer's adherence to the Terms and this Agreement, including without limitation, the restrictions and compliance requirements set forth in this Section 3.

3.1 Developer agrees it will protect the privacy and legal rights of all End Users. If an End User provides Developer with, or the Developer Application otherwise collects, discloses, accesses or uses, End User names, passwords or other personal information, then the Developer must

(a) inform End Users that such information will be available to the Developer Applications; and

(b) provide legally adequate privacy notice and protection to End Users. Further, Developer Applications may only use the information for the limited purpose for which Developer has obtained the appropriate permission and/or consent from End User as required by law. If Developer Applications store or transmit personal or sensitive information provided by or obtained from End Users, then Developer must ensure all such activity is done so securely and must respond promptly to complaints, removal requests, "do not contact" requests, and any other requests or inquiries based on rights granted under applicable data protection laws from Vercel or Marketplace End Users.

3.2 You will be solely responsible for support and maintenance of your Developer Applications and any complaints about your Developer Applications. Your support contact information will be displayed in each application detail page and made available to users for customer support purposes; provided that your support response times and the scope of support shall be equivalent to, or better than, the Standard level of support at https://vercel.com/legal/support-terms. Failure to provide adequate support for your Developer Applications may result in less prominent exposure, or in some cases removal from the Marketplace.

3.3 In order to use and access the Vercel API, Developer must obtain API credentials (a "Credentials"). Developer may not share its Credentials with any third party, shall keep such Credentials and all login information secure and shall use the Credentials as Developer's sole means of accessing the Vercel API.

3.4 Developer acknowledges and agrees that it will not engage in any activity with the Marketplace, including the distribution of Developer Applications, that violates Marketplace policies or that:

1. Violates any applicable laws or regulations or promotes unlawful activities;
2. Contains or installs any active malware or exploits, or uses our platform for exploit delivery (such as part of a command and control system);
3. Interferes with, disrupts, damages, harms, or accesses in an unauthorized manner the machines, systems, hardware, servers, networks, devices, data or other property or services of any third party;
4. Includes false or misleading content;
5. Infringes on any proprietary right of any party, including patent, trademark, trade secret, copyright, right of publicity, or other rights;
6. Is libelous, defamatory, or fraudulent;
7. Enables the unauthorized download of streaming content or media;
8. Displays or links to illegal content;
9. Harasses, abuses, threatens, or incites violence toward any individual or group, including Vercel employees, officers, and agents, end users, or anyone else;
10. Is or contains sexually obscene content;
11. Is discriminatory or abusive toward any individual or group;
12. Diverts End Users or provides links to any other site that mimics the Marketplace or passes itself off as the Marketplace;
13. Create spam, artificially amplify or suppress information, or create synthetic or manipulated media that are likely to cause harm; or
14. Impersonate individuals, groups or organizations in ways that mislead, confuse or deceive others, or disrupt Vercel's platform.

3.5 Developer shall not, under any circumstances, through Developer Applications or otherwise, repackage or resell the Marketplace, Vercel API, Usage Data, or other data stored or transmitted using the Marketplace. Developer is not permitted to use the Vercel API or any Usage Data in any manner that does or could potentially undermine the security of the Vercel platform, the Vercel API, Usage Data or any other data or information stored or transmitted using the Marketplace. In addition, Developer shall not, and shall not attempt to, interfere with, modify or disable any features, functionality or security controls of the Marketplace or the Vercel API, defeat, avoid, bypass, remove, deactivate or otherwise circumvent any protection mechanisms for the Marketplace or the Vercel API, or reverse engineer, decompile, disassemble or derive source code, underlying ideas, algorithms, structure or organizational form from the Marketplace or the Vercel API.

3.6 Developer acknowledges that Developer is solely responsible, and that Vercel has no responsibility or liability of any kind, for the content, development, operation, support or maintenance of Developer Applications. Without limiting the foregoing, Developer will be solely responsible for:

(i) the technical installation and operation of its Developer Applications; (ii) creating and displaying information and content on, through or within its Developer Applications; (iii) ensuring that its Developer Applications do not violate or infringe the intellectual property rights of any third party; (iv) ensuring that Developer Applications are not offensive, profane, obscene, libelous or otherwise illegal; (v) ensuring that its Developer Applications do not contain or introduce malicious software into the Marketplace, the Vercel API, any Usage Data or other data stored or transmitted using the Marketplace; and (vi) ensuring that its Developer Applications are not designed to or utilized for the purpose of sending commercial electronic messages to any Vercel platform users, agents or End Users without their consent.

3.7 Developer will respect and comply with the technical and policy-implemented limitations of the Vercel API and the restrictions of this Agreement in designing and implementing Developer Applications. Without limiting the foregoing, Developer shall not violate any explicit rate limitations on calling or otherwise utilizing the Vercel API.

3.8 Vercel reserves the right to terminate this Agreement immediately if Vercel determines that Developer has breached any requirement or obligation of this Section 3.

3.9 Nothing in this Agreement shall prevent Vercel from developing and/or publishing applications that are similar or otherwise compete with the Developer Applications.

4. Removals

4.1 Upon providing Vercel with thirty (30) days written notice to integrations@vercel.com in advance of the 1st day of the succeeding calendar month, you may remove your Listings from future distribution via Marketplace, but you must comply with this Agreement for any Listing distributed through Marketplace, including but not limited to refund requirements. Removing your Listing from future distribution via Marketplace does not

(a) affect the license rights of End Users who have previously purchased or installed your Listing or

(b) change your obligation to deliver or support Listing that has been previously purchased or installed by users.

Notwithstanding the foregoing, in no event will Vercel maintain on any portion of Marketplace any Listing that you have removed from Marketplace and provided written notice to Vercel that such removal was due to:

(i) an allegation of infringement, or actual infringement, of any copyright, trademark, trade secret, trade dress, patent or other intellectual property right of any person, (ii) an allegation of defamation or actual defamation, (iii) an allegation of violation, or actual violation, of any third party's right of publicity or privacy, or (iv) an allegation or determination that such Listing does not comply with applicable law.

4.2 While Vercel is not obligated to monitor the Listing and/or their content, Vercel may at any time review or test your Listing for compliance with this Agreement, the Marketplace program policies, and any other applicable terms, obligations, laws, or regulations. Vercel retains the right to refuse to include a Listing on Marketplace in its sole discretion. You may be required to provide information about yourself (such as identification or contact details) as part of the registration process for Marketplace, or as part of your continued use of Marketplace. You agree that any information you give to Marketplace will always be accurate, correct and up to date. As part of the specification for your Listing, Vercel may ask that you include in the file for your Listing Personal Data such as your name and email address. Vercel may use this Personal Data when featuring the Listing in our directory or for other uses, as specified in Vercel's Privacy Policy. Vercel collects and uses Marketplace Data as set forth in Vercel's Privacy Policy.

If Vercel is notified by you or otherwise becomes aware and determines in its sole discretion that a Listing or any portion thereof or your Marks:

(a) violates the intellectual property rights or any other rights of any third party;

(b) violates any applicable law or is subject to an injunction;

(c) is pornographic, obscene or otherwise violates Vercel's hosting policies or other terms of service as may be updated by Vercel from time to time in its sole discretion;

(d) is being distributed by you improperly;

(e) may create liability for Vercel or any third party;

(f) is deemed by Vercel to be malicious or defective;

(g) violates the terms of this Agreement or the Marketplace program policies;

(h) the display of the Listing is impacting the integrity of Vercel servers (i.e., users are unable to access such content or otherwise experience difficulty);

(i) is deemed by Vercel to add undue risk to Marketplace End Users' data or impair the user experience of Marketplace or Vercel;

(j) is subject to user complaints in regards to your breach of your EULA or Developer's privacy policy, or

(k) otherwise violates the Terms (including, without limitation, any fair use or acceptable use restrictions) or this Agreement,

Vercel may: prevent the Listing from being made available on Marketplace; remove the Listing from Marketplace; flag, filter, or modify related materials (including but not limited to descriptions, screenshots, or metadata); or reclassify the Listing at its sole discretion. Vercel reserves the right to suspend, remove or bar any Listing from Marketplace at its sole discretion for any reason or for no reason.

In the event that your Listing is involuntarily removed because it is defective, malicious, infringes intellectual property rights of another person, defames, violates a third party's right of publicity or privacy, or does not comply with applicable law. Vercel's DMCA Policy at https://vercel.com/legal/dmca-policy is incorporated into this Agreement by reference.

4.3 From time to time, Vercel may check for available updates to Listing, including but not limited to bug fixes or enhanced functionality. If you update your Listing to Marketplace, you agree that such update will be automatically requested, downloaded, and installed without further notice to you. Vercel makes no guarantees regarding the timing of such updates. For the avoidance of doubt, updates to Listing are subject to the same terms and conditions as the Listing, including without limitation Section 4.2 of this Agreement.

4.4 If an End User uses your Developer Application in a way that violates the Terms, then we have the right to suspend or terminate that End User's access to the Developer Application without any liability to you.

5. Representations and Warranties and Warranty Disclaimer

5.1 Developer represents and warrants that Developer has notified all users, including End Users, of such Developer Applications that their information and data will be transmitted outside the Vercel platform and Developer's EULA and privacy policy will control the privacy, security or integrity of such information and data. Developer further represents and warrants that its privacy policy accurately discloses its Personal Data processing practices and to the extent Developer Applications store, process or transmit End User information or data, neither Developer nor Developer Application will, without appropriate prior user consent or except to the extent required by applicable law:

(i) modify the content of End User information or data in a manner that adversely affects the integrity of such information or data; (ii) disclose End User information or data to any third party; or (iii) use End User information or data for any purpose other than providing the Developer Application functionality to users of such Developer Application. Developer shall maintain and handle all End User information and data in accordance with privacy and security measures reasonably adequate to preserve the confidentiality and security of all End User information and data and all applicable privacy laws and regulations.

5.2 Developer agrees that it will comply with the Vercel Integrations Marketplace Data Protection Addendum (DPA) attached hereto as Addendum 1.

5.3 Developer represents, warrants and covenants that: (i) its Developer Applications and Developer Marks do not and will not violate, misappropriate or infringe upon the intellectual property rights of any third party; (ii) Developer will comply with all applicable local, state, national and international laws and regulations, including, without limitation, all applicable export control laws, and maintain all licenses, permits and other permissions necessary to develop, implement and distribute its Developer Applications; (iii) its Developer Applications do not and will not contain or introduce into the Marketplace, the Vercel API, any Usage Data or other data stored or transmitted using the Marketplace, any malicious software; (vi) its Developer Applications are not designed to or utilized for the purpose of sending commercial electronic messages to any Vercel customers, agents or End Users without their consent; (vi) it has all right, power and authority to grant the licenses granted to Vercel and End Users herein; (vii) it acknowledges Vercel's right to charge transaction and/or listing fees as provided in Section 6 herein; (viii) any images and text that are used to market the Developer Applications or that Developer has uploaded to the Marketplace are truthful, accurate and not intended to mislead or confuse the End User; and (ix) the Developer Application complies with the terms of, and requirements in, this Agreement.

5.4 DISCLAIMER OF WARRANTIES. ALL ASPECTS OF THE MARKETPLACE AND THE VERCEL API ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT ANY WARRANTIES OF ANY KIND TO THE FULLEST EXTENT PERMITTED BY LAW, AND VERCEL EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. DEVELOPER ACKNOWLEDGES THAT VERCEL DOES NOT WARRANT THAT THE MARKETPLACE OR VERCEL API WILL BE UNINTERRUPTED, TIMELY, SECURE, ERROR-FREE OR FREE FROM VIRUSES, MALWARE, OR WORMS (OTHERWISE KNOWN AS COMPUTER CODE OR OTHER TECHNOLOGY SPECIFICALLY DESIGNED TO DISRUPT, DISABLE, OR HARM YOUR SOFTWARE, HARDWARE, COMPUTER SYSTEM, OR NETWORK), AND NO INFORMATION OR ADVICE OBTAINED BY DEVELOPER FROM VERCEL OR THROUGH THE MARKETPLACE OR VERCEL API SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT. VERCEL IS NOT RESPONSIBLE FOR AND SPECIFICALLY DISCLAIMS ANY LIABILITY FOR ANY UNAUTHORIZED USE OF DEVELOPER APPLICATIONS OUTSIDE THE MARKETPLACE.

6. Fees

There are currently no fees payable by Developer to participate in the Marketplace, provided that Vercel may impose a fee at any time on notice to Developer. Developer shall not charge a fee for any of its Developer Applications.

7. No Implied Rights

Subject to the limited licenses expressly provided in this Agreement, nothing in this Agreement transfers or assigns to a party any of the other party's intellectual property rights in its Marks or other technology, and nothing in this Agreement transfers or assigns a party any of the other party's intellectual property rights. There are no implied rights.

8. Limitation of Liability

UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR OTHERWISE) WILL VERCEL, OR ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR SUPPLIERS BE LIABLE TO DEVELOPER OR ANY THIRD PARTY UNDER THIS AGREEMENT FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL, PUNITIVE OR OTHER SIMILAR DAMAGES, INCLUDING LOST PROFITS, LOST SALES OR BUSINESS, LOST DATA, BUSINESS INTERRUPTION OR ANY OTHER LOSS INCURRED BY DEVELOPER OR ANY THIRD PARTY IN CONNECTION WITH THIS AGREEMENT, REGARDLESS OF WHETHER DEVELOPER HAS BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN SUCH DAMAGES NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, VERCEL'S AGGREGATE LIABILITY TO DEVELOPER OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT SHALL NOT EXCEED THE AMOUNT OF ONE HUNDRED DOLLARS ($100.00).

9. Indemnification Terms

To the maximum extent permitted by applicable law, Developer agrees to defend, indemnify and hold harmless Vercel, its affiliates and their respective directors, officers, employees and agents from and against any and all claims, actions, suits or proceedings, as well as any losses, liabilities, damages, costs and expenses (including reasonable attorneys' fees) arising from or relating to

(a) Developer's use of the Marketplace in violation of this Agreement, the Terms or any applicable laws or regulations;

(b) Developer's Products that infringe any copyright, trademark, trade secret, patent or other intellectual property right of any third party;

(c) any loss or disclosure of data or personal information by Developer Applications; and

(d) Developer's EULA and/or Developer's privacy policy. Without limiting any terms of this Agreement, Developer acknowledges and agrees that Vercel shall be entitled to provide Developer's name, address and other contact details to any third party that reasonably, in Vercel's sole determination, claims that Developer does not possess all of the necessary intellectual property rights in or to the Developer Applications.

10. Term and Termination

10.1 This Agreement will commence on the date that Developer accepts this Agreement and shall continue to apply until terminated by either party as set forth below.

10.2 Either party may terminate this Agreement for any reason upon providing written notice to the other at least thirty (30) days in advance. During such thirty (30) day period the terms in effect at the time such notice of termination has been provided shall govern for the duration of the thirty (30)-day notice period until the date of actual termination. If Developer wishes to terminate, Developer shall notify Vercel by emailing integrations@vercel.com.

10.3 Vercel may terminate this Agreement at any time if

(a) you have breached any provision of this Agreement,

(b) Vercel is required to do so by law or

(c) any of your Listings have been suspended for fourteen (14) days or more.

10.4 Effects of Termination by Developer. Upon receiving thirty (30) days' advanced written notice of termination from Developer at integrations@vercel.com, Developer will be disabled from taking on new End Users via Marketplace. If termination is initiated as a result of a Vercel Amendment to these terms, the terms in effect immediately prior to such Amendment shall govern for the duration of the thirty (30)-day notice period until the date of actual termination. If Vercel terminates this Agreement, Developer will be disabled from taking on new End Users via the Marketplace and the Listing will be removed.

10.5 The obligations in Sections 3, 4, 5, 7, 8, 9, 10.4, and 11-18 will survive any expiration or termination of this Agreement.

11. Export Restrictions

DEVELOPER APPLICATIONS DISTRIBUTED VIA MARKETPLACE MAY BE SUBJECT TO EXPORT CONTROLS OR RESTRICTIONS BY THE UNITED STATES OR OTHER COUNTRIES OR TERRITORIES. DEVELOPER AGREES TO COMPLY WITH ALL APPLICABLE UNITED STATES AND INTERNATIONAL EXPORT LAWS AND REGULATIONS. THESE LAWS MAY INCLUDE RESTRICTIONS ON DESTINATIONS, CONTENT AND/OR END USERS.

12. Usage Data

In order to operate and improve Marketplace, Vercel may collect Usage Data from the Marketplace and the Vercel API or anywhere previously purchased, installed, or downloaded Developer Applications are stored on behalf of End Users by Vercel. The Usage Data will be maintained in accordance with Vercel's then in effect privacy policies. Limited Usage Data may be available for use by Developer in Vercel's sole discretion which will be subject to the terms of the Data Protection Addendum attached as Addendum 1.

13. General

13.1 Developer acknowledges and agrees that Vercel may amend this Agreement, its Marketplace program and the Marketplace from time to time (an "Amendment"). All Amendments shall be communicated through Marketplace, the Vercel website at www.vercel.com or through a form of direct communication from Vercel to Developer. Developer further acknowledges and agrees that such Amendments may be implemented at any time and without any notice to Developer. Developer shall, within thirty (30) days from the date of first notice of any Amendment(s) (or such shorter period of time specified in the notice of the Amendment(s)) (the "Conformance Period") comply with such Amendment(s) by implementing and using the most current version of the Vercel API in the most current version of the Developer Applications and making any changes to Developer Applications that may be required as a result of such Amendment(s). Developer acknowledges that an Amendment may have an adverse effect on Developer Applications, including but not limited to changing the manner in which applications communicate with the Vercel API. Vercel shall have no liability of any kind to Developer or any End User with respect to such Amendments or any adverse effects resulting from such Amendments. Developer's continued access to or use of Marketplace or the Vercel API following the Conformance Period shall constitute binding acceptance of the Amendment(s) at issue.

13.2 Developer may not, directly or indirectly, by operation of law or otherwise, assign all or any part of this Agreement or Developer's rights under this Agreement or delegate performance of Developer's duties under this Agreement without Vercel's prior written consent. The rights granted in this Agreement may be assigned or transferred by Vercel without Developer's prior approval. In addition, Vercel may delegate its responsibilities or obligations under this Agreement without Developer's consent.

13.3 This Agreement, together with the Terms, constitutes the entire agreement between the parties with respect to the subject matter of this Agreement. Vercel's failure to enforce at any time any provision of this Agreement does not constitute a waiver of that provision or of any other provision of this Agreement.

13.4 If any provision in this Agreement is held by a court of competent jurisdiction to be unenforceable, such provision shall be modified by the court and interpreted so as to best accomplish the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.

13.5 The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship among the parties. Developer agrees that each member of the group of companies to which Vercel belongs shall be a third party beneficiary to this Agreement and that such other companies shall be entitled to directly enforce, and rely upon, any provision of this Agreement that confers a benefit or grants a right in favor of Vercel. No other person, company or legal entity shall be a third party beneficiary to the Agreement.

13.6 All notices to be provided by Vercel to Developer under this Agreement may be delivered in writing (i) by nationally recognized overnight delivery service ("Courier") or U.S. mail to the contact mailing address provided by Developer to Vercel; or (ii) email to the email address provided by Developer. Developer must give notice to Vercel in writing by email to integrations@vercel.com and by Courier or U.S. Mail to the following address: Vercel Inc., Attn: Legal, 440 N Barranca Ave #4133, Covina, CA 91723. All notices shall be deemed to have been given immediately upon delivery by electronic mail, or if otherwise delivered upon receipt or, if earlier, two (2) business days after being deposited in the mail or with a Courier as permitted above.

13.7 This Agreement shall be governed by the laws of the State of California without regard to conflict of law principles. Developer hereby expressly agrees to submit to the exclusive personal jurisdiction of the federal and state courts of the State of California, San Francisco County, for the purpose of resolving any dispute relating to this Agreement. Notwithstanding the foregoing, Vercel shall be entitled to seek injunctive remedies or other types of urgent legal relief in any jurisdiction.

1. Introduction

This Data Protection Addendum (this "Addendum") is attached to and made a part of the Vercel Integrations Marketplace Agreement between you and Vercel (the "Agreement"). This Addendum shall become legally binding upon Developer entering into the Agreement.

2. Definitions

Any capitalized terms that are used but not defined in this Addendum have the meanings given in the Agreement.

"Affiliate" means an entity that controls, is controlled by, or is under common control with a Party, where "control" means either (i) direct or indirect ownership or control of more than 50% of the voting interest of the subject entity; or (ii) the ability to control the activities of the Party through contractual rights.

"Applicable Data Protection Law" means all privacy and data protection laws, regulations, guidance and/or codes of practice relating to the processing of Personal Data in connection with the Agreement, including but not limited to (i) Regulation (EU) 2016/679 (the "EU GDPR"); (ii) the EU GDPR as saved into UK law by virtue of Section 3 of the UK's European Union Act 2018 and the UK Data Protection Act 2018 ("UK GDPR"); (iii) Swiss Federal Data Protection Act of 19 June 1992 and its corresponding ordinances ("Swiss DPA"); the Canadian Personal Information Protection and Electronic Documents Act ("PIPEDA"); the California Consumer Privacy Act of 2018 (California Civil Code 1798.100-1798.199), including any amendments and its implementing regulations that become effective on or after the Effective Date ("CCPA"); and (iv) the e-Privacy Directive (Directive 2002/58/EC); and (v) any applicable data protection laws made under or pursuant to or that apply in conjunction with (i), (ii), (iii), and/or (iv) (in each case as amended, suspended or replaced from time to time).

"EEA" means the European Economic Area.

"End User Data" means any data or information, including Personal Data, that is uploaded by or on behalf of Vercel customers and processed or otherwise handled by Developer under or in connection with the Agreement, including End Users' customer Personal Data.

"Protected Data" means Vercel Personal Data, End User Data, metadata, Usage Data, or other information associated with End Users and/or End User customers.

"Restricted Transfer" means (i) where the EU GDPR applies, a transfer of Personal Data from the EEA to a country outside of the EEA which is not subject to an adequacy determination by the European Commission; and (ii) where the UK GDPR applies, a transfer of Personal Data from the UK to any other country which is not subject based on adequacy regulations pursuant to Section 17A of the UK GDPR, in either case whether such transfer is direct or via onward transfer.

"Security Incident" means any suspected or confirmed unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data transmitted, stored, or otherwise Processed by Developer and/or its Subprocessors in connection with the Agreement.

"Standard Contractual Clauses" or "SCCs" means (i) where the EU GDPR applies, the contractual clauses annexed to European Commission's Implementing Decision 2021/914 of June, 4 2021 ("EU SCCs"); and (ii) where the UK GDPR applies, the applicable standard data protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR ("UK SCCs") (in each case, as updated, amended, or superseded from time to time).

"Subprocessor" means any authorized third party that Processes Personal Data to assist Developer in fulfilling its obligations under the Agreement and this Addendum.

"UK" means the United Kingdom.

"Vercel Personal Data" means any Personal Data that relates to a Vercel employee whether supplied by Vercel to Developer or collected or generated by Developer in the course of performing its obligations under the Agreement.

The terms "Business", "Consumer", "Controller", "Data Subject", "Supervisory Authority", "Personal Data" (including the terms "Personal Information" and other variations), "Processing" (including the terms "Process", "Processes", and "Processed" and other variations), "Processor", "Sale" (including the terms "Sell", "Selling", "Sold", and other variations), "Sensitive Information", and "Service Provider" as used in this Addendum have the meaning given to them in Applicable Data Protection Laws.

3. Description and Scope of Processing

3.1 Compliance with Law. Vercel shall comply with its obligations under Applicable Data Protection Law in relation to its Processing of Personal Data and only transfer Protected Data to Developers for the Permitted Purposes, as defined below. Developer shall comply with its obligations under Applicable Data Protection Law in relation to its Processing of Protected Data. Developer shall immediately notify Vercel if it is unable to comply with its obligations under Applicable Data Protection Law and/or the terms of the Agreement (including this Addendum) as they relate to or govern the Processing of Protected Data. In the event of any such non-compliance, and without prejudice to any other right or remedy available to Vercel under the Agreement, Developer shall take all reasonable and appropriate steps to remediate any non-compliance and immediately cease (and require that all Subprocessors immediately cease) Processing Protected Data if Developer cannot correct such non-compliance within a reasonable time frame.

3.2 Role of the Parties. The Parties acknowledge and agree that with regard to the Processing of Protected Data, each Party acts as an independent Controller.

3.3 Scope of Processing. This Addendum covers the Processing of (i) Personal Data that the Developer uploads, transfers, or otherwise provides to Vercel in connection with the Agreement; and (ii) Personal Data that Vercel End Users or End User customers upload, transfer, or otherwise provide to Developer in connection with the Agreement. Vercel will only provide Protected Data to Developer for the limited and specified purposes as set forth in the Agreement and this Addendum, including establishing and facilitating a relationship between the Developer and End User and permitting Developer to provide the Developer Application to Vercel's End Users ("Permitted Purpose"). Developer will Process Protected Data only as necessary to perform its obligations under the Agreement, unless the End User agrees to allow different uses.

3.4 Cooperation and Assistance. Upon request, the Parties shall provide reasonable cooperation and assistance needed to fulfill each Parties obligations under Applicable Data Protection Law. The Parties acknowledge and agree that they may disclose the SCCs, this Addendum, and any privacy-related provisions in the Agreement to any applicable regulator or competent court upon request.

3.5 Data Quality and Purpose Limitation. Developer will (i) keep Protected Data up-to-date and (ii) ensure that Protected Data Developer collects or generates is adequate, relevant, and proportionate in relation to the purpose for which it is Processed. In no event will Developer collect Sensitive Information.

3.6 Notice. Developer must (i) identify itself as the collector and processor of all End User Data; (ii) not hold itself out as collecting any Personal Data on Vercel's behalf; (iii) provide sufficient notice of its privacy practices to all End Users, such as by posting a privacy policy; and (iv) provide notice to individuals in the event that Developer makes automated decisions affecting Vercel's employees', End User's or End User customers' rights.

4. Security

4.1 Security Measures. Developer will implement and maintain technical and organizational security measures designed to protect Protected Data from Security Incidents and to preserve the security, integrity, and confidentiality of the Protected Data and provide a level of security appropriate to the risk in respect of the Permitted Purpose. Throughout the term of the Agreement, Developer will regularly test, assess, and evaluate the effectiveness of implemented technical and organizational security measures and make any adjustments necessary to comply with the obligations set forth in this Section 4.

4.2 Developer Responsibilities. Developer agrees that, without limitation of Vercel's obligations under this Section 4, Developer is solely responsible for its use of the Integration Marketplace and Vercel API services, including

(a) making appropriate use of the services to ensure a level of security appropriate to the risk in respect of Protected Data;

(b) securing the account authentication credentials, systems and devices Developer uses to access the Vercel API services;

(c) securing Developer's systems and devices that it uses with the Vercel API services;

(d) maintaining its own backups of Protected Data to ensure complete recovery of Protected Data is guaranteed should a disaster recovery event occur under the Agreement; and

(e) maintaining a process for restoring critical business functions in the event of a business continuity event.

4.3 Security Incident. Developer will maintain an appropriate incident response plan that includes processes for identification, mitigation, remediation, and prevention of recurrence of Security Incidents. Upon becoming aware of a Security Incident, Developer will notify Vercel without undue delay, but in no event more than 48 hours, unless prohibited by applicable law. Such notice to Vercel will describe, to the extent possible,

(a) the details of the Security Incident as known or as reasonably requested by Vercel to meet its obligations under Applicable Data Protection Law;

(b) the steps taken to mitigate the potential risks; and

(c) contact information for receiving more information from Developer. Vercel may request additional information, including forensic investigation, if deemed necessary. Developer is solely responsible for complying with Security Incident notification laws applicable to Developer and fulfilling any third-party notification obligations related to any Security Incidents. Unless required by law, Developer will not report, notify, or otherwise communicate any information regarding a Security Incident to a third party or regulatory authority without prior written notice to Vercel.

5. Audits and Compliance

To the extent Vercel is involved in an audit initiated by a Supervisory Authority that requires participation from Developer, or requires an audit to demonstrate compliance with its obligations under this Addendum and Applicable Data Protection Law, Developer will reasonably cooperate with Vercel and promptly make available to Vercel all necessary personnel, audit or compliance reports, application software, policies, Privacy Notice, or any similar information in connection with Protected Data. Developer agrees that Vercel may provide this Addendum and any relevant clauses of the Agreement to authorities or competent courts upon request.

6. Subprocessors

Developer must process and communicate Protected Data to third parties only for the limited and specific purposes of providing its services to the End User as described in its agreement with the End User, unless the End User agrees to allow different uses. Developer has conducted appropriate due diligence on its Subprocessors, and must include terms in its contract with each third party, including its Subprocessors, which are materially the same and at least as protective as those set out in this Addendum.

7. Data Subject Requests

Developer will, upon Vercel's request, provide Vercel with such timely assistance as it may reasonably require to comply with its obligations under Applicable Data Protection Law to respond to requests from individuals to exercise their rights under Applicable Data Protection Law (e.g., rights of data access, rectification, erasure, restriction, portability and objection) or any other correspondence, enquiry or complaint received from a Data Subject, regulator or other third party in connection with the Processing of Protected Data. Developer will promptly notify Vercel of any communications it receives from a Supervisory Authority or other government authority, court or third party relating to its Processing of Protected Data under the Permitted Purpose. If Developer receives a request from a Data Subject in relation to its Processing of Protected Data, Developer will be responsible for responding to any such request.

8. Return or Deletion of Protected Data

Upon Vercel's reasonable request, Developer will within 30 days return or delete all copies of Protected Data in its possession or control. Notwithstanding the foregoing, Vercel understands that Developer may retain Protected Data if, to the extent and for as long as required by law, Developer notifies Vercel of such requirement and the scope of the resulting data retention, and such data will remain subject to the requirements of this Addendum.

9. International Provisions

9.1 Jurisdiction Specific Terms. To the extent that Developer Processes Protected Data originating from and protected by Applicable Data Protection Law in one of the jurisdictions listed in Schedule 4 (Jurisdiction Specific Terms), then the terms specified therein with respect to the applicable jurisdiction(s) will apply in addition to the terms of this Addendum.

9.2 International Transfers. For data transfers, whether by direct or onwards transfer, Developer shall (i) take steps as are necessary to ensure an adequate level of protection for such Protected Data in accordance with the requirements of Applicable Data Protection Law and this Addendum; and (ii) is liable for onward transfers of Protected Data to its Subprocessors.

9.3 SCCs. If and to the extent the transfer of Protected Data from Vercel to Developer is a Restricted Transfer, the Parties agree to be subject to, abide by, and process such Protected Data in compliance with the SCCs. It is not the intention of either Party to contradict or restrict any of the provisions set forth in the SCCs, and, accordingly, if and to the extent the SCCs conflict with any provisions of the Agreement (including this Addendum), the SCCs will prevail to the extent of such conflict.

10. General; Termination

10.1 Duration, Severability and Conflict. This Addendum forms part of the Agreement and except as expressly set forth in this Addendum, the Agreement remains unchanged and in full force. This Addendum will remain in effect until, and automatically terminate upon, Developer ceasing Processing Protected Data under the Agreement and Developer deleting or returning all of the Protected Data as described in this Addendum. In the event that Developer is in breach of this Addendum or the Applicable Data Protection Law, Vercel may suspend or cease the transfer of or prohibit the collection and processing of any or all Protected Data to Developer until the breach is cured or the Agreement is terminated. To the extent that there is a conflict between this Addendum and the Agreement, the terms of this Addendum shall govern.

10.2 Liability and Indemnification. Any liabilities arising under this Addendum are subject to the limitations of liability in the Agreement. Developer shall indemnify Vercel, including its Affiliates, and its Affiliates' officers, directors, agents, or employees, from and against any and all fines, sanctions, claims, losses, liabilities, damages, costs and expenses, including third party claims, demands, reasonable attorneys' fees, consultants' fees and court costs (collectively, "Claims") that arise from, or may be in any way attributable to (i) any violation, error or omission by Developer of any of its obligations under this Addendum; (ii) the negligence, gross negligence, bad faith, or intentional or willful misconduct of Developer and/or its personnel, and/or Subprocessors, in connection with obligations set forth in this Addendum; and/or (iii) any Security Incident. The Parties agree that the foregoing indemnification obligations shall apply irrespective of the location where such Claim is made, filed or adjudicated, whether in the United States or abroad, and irrespective of any choice of law/forum language in the Agreement.

10.3 Governing Law. This Addendum will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Applicable Data Protection Law or the SCCs.

10.4 Notification. In addition to other notification requirements in this Addendum and the Agreement, Developer must notify Vercel in the event that Developer's data processing or privacy practices materially change in a way that impacts the protection of Protected Data or Vercel's rights and obligations under the Agreement. Developer must give Vercel 30 days prior written notice of the change.

10.5 Termination. Vercel may terminate the Agreement without prejudice to any other claims in the event that Developer (i) can no longer meet its privacy obligations; (ii) is in substantial or persistent breach of any warranties or representations under this Addendum; or (iii) is no longer carrying on business, is dissolved, enters receivership, or a winding up order is made on behalf of Developer. Upon termination of the Agreement, Developer must

(a) take reasonable steps to stop the Processing of Protected Data; and

(b) provide Vercel reasonable assurance and information that Developer has complied with its obligations under Section 8 (Return or Deletion of Protected Data).

Schedule 1: Subject Matter & Details of Processing

This Schedule 1 sets out the details of Personal Data to be Processed by the Parties pursuant to the Agreement and this Addendum. Upon written agreement, the Parties may make amendments to Schedule 1 as is necessary to reflect any changes in the Vercel Marketplace, the Processing of Protected Data by Developer, and/or changes in Applicable Data Protection Law.

1. Nature and Purpose of the Processing. Developer will Process Protected Data as necessary to provide the Developer Application under the Agreement.

2. Processing Activities. Protected Data will be subject to the following basic processing activities: the provision of the Developer Application to End Users under the Agreement.

3. Duration of the Processing. The period for which Protected Data will be retained and the criteria used to determine that period is outlined in Section 8 (Return or Deletion of Protected Data) of the Addendum.

4. Categories of Data Subjects. The categories of Data Subjects are Vercel's employees, End Users, and End User customers.

5. Categories of Personal Data. The categories of Personal Data are such categories as each Party is authorized to ingest into the Marketplace or the Developer Application under the Agreement.

6. Sensitive Data or Special Categories of Data. Sensitive data shall not be included in Protected Data.

Schedule 2: Technical & Organizational Security Measures

Where applicable, this Schedule 2 will serve as Annex II to the Standard Contractual Clauses.

The Parties have implemented and will maintain security measures, internal controls, and information security policies and procedures designed to protect Protected Data. The Parties shall regularly monitor compliance with these safeguards. The Parties have the following security measures in place:

• Measures of pseudonymization and encryption of personal data.
• Measures for ensuring ongoing confidentiality, integrity, and availability and resilience of processing systems and services.
• Measures for ensuring the ability to restore availability and access to Personal Data in a timely manner in the event of a physical or technical incident.
• Processes for regular testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of processing.
• Measures for user identification and authorization.
• Measures for the protection of data during transmission.
• Measures for the protection of data during storage.
• Measures for ensuring physical security of locations at which personal data are processed.
• Measures for ensuring events logging.
• Measures for ensuring systems configuration, including default configuration.
• Measures for internal IT and IT security governance and management.
• Measures for certifications/assurance of processes and products.
• Measures for ensuring data minimization.
• Measures for ensuring data quality.
• Measures for ensuring limited data retention.
• Measures for ensuring accountability.
• Measures for allowing data portability and ensuring erasure.
• For transfers to [sub]-processors, also describe the specific technical and organizational measures to be taken by the [sub]-processor to be able to provide assistance to the controller and, for transfers from a processor to a [sub]-processor, to the data exporter.

Schedule 3: Cross Border Data Transfer Mechanism

1. UK SCCs

For data transfers from the UK, the UK international data transfer addendum ("UK IDTA") will be deemed entered into (and incorporated into this Addendum by reference) together with the SCCs as set forth in Section 2 of this Schedule below.

2. EU SCCs

For data transfers from the EEA, the UK, and Switzerland that are subject to the SCCs, the SCCs will apply in the following manner:

a. As to the specific modules, the parties agree that Module One (Controller-to-Controller) will apply where Vercel is a Controller of Protected Data and Developer is a Controller of Protected Data;

b. For Module One, where applicable:

(i) in Clause 7, the optional docking clause will not apply; (ii) in Clause 11, the optional language will not apply; (iv) in Clause 17 (Option 1), the 2021 Standard Contractual Clauses will be governed by Irish law; (v) in Clause 18(b), disputes will be resolved before the courts of Ireland; (vi) In Annex I, Part A:

Data Exporter: Vercel and authorized Affiliates of Vercel.

Contact Details: Vercel Privacy – privacy@vercel.com.

Data Exporter Role: The Data Exporter's role is outlined in Section 3 (Description and Scope of Processing) of this Addendum.

Signature & Date: By entering into the Agreement, Data Exporter is deemed to have signed these SCCs incorporated herein, including their Annexes, as of the Effective Date of the Agreement.

Data Importer: Developer

Contact Details: Developer's contact information as displayed in each application detail page and made available to users in Vercel Marketplace.

Data Importer Role: The Data Importer's role is outlined in Section 3 (Description and Scope of Processing) of this Addendum.

Signature & Date: By entering into the Agreement, Data Importer is deemed to have signed these SCCs, incorporated herein, including their Annexes, as of the Effective Date of the Agreement.

(vii) In Annex I, Part B:

The categories of data subjects are described in Schedule 1, Section 4. The sensitive data transferred is described in Schedule 1, Section 6. The frequency of the transfer is a continuous basis for the duration of the Agreement. The nature and purpose of the processing is described in Schedule 1, Section 1. The period of the processing is described in Schedule 1, Section 3.

(viii) In Annex I, Part C: The Irish Data Protection Commission will be the competent supervisory authority. (ix) Schedule 2 serves as Annex II of the Standard Contractual Clauses.

3. To the extent there is any conflict between the SCCs and any other terms in this Addendum, including Schedule 4 (Jurisdiction Specific Terms), the provisions of the SCCs, as applicable, will prevail.

Schedule 4: Jurisdiction Specific Terms

1. EEA and UK

a. References in this Addendum to GDPR will to that extent be deemed to be references to the corresponding laws of the UK (including the UK GDPR and Data Protection Act 2018).

b. Notwithstanding anything to the contrary in this Addendum or in the Agreement (including, without limitation, either party's indemnification obligations), neither party will be responsible for any GDPR fines issued or levied under Article 83 of the GDPR against the other party by a regulatory authority or governmental body based on such other party's violation of the GDPR.

2. California

a. The definition of "Applicable Data Protection Law" includes the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act of 2020 ("CPRA"). All references throughout the Addendum to CCPA are inclusive of CCPA and CPRA.

b. Developer will not

(a) retain, use or disclose any Protected Data for any purpose other than the Permitted Purpose, including retaining, using or disclosing Protected Data for a commercial purpose other than providing the Developer Application to End Users; or

(b) combine Protected Data with other personal information that it received from or on behalf of another person/entity, or collects from its own interaction with the consumer.

c. Developer certifies and warrants that it will comply with all applicable provisions of CCPA and the terms of this Section 2 (California). Developer shall promptly notify Vercel if Developer determines that it can no longer meet its obligations.

d. Notwithstanding anything in the Agreement or any similar document entered in connection therewith, the Parties acknowledge and agree that Developer's access to Protected Data does not constitute payment, benefit, or other consideration exchanged by the Parties in respect of the Agreement.

e. Developer implements and maintains reasonable security and privacy practices appropriate to the nature of the personal information that it processes as set forth in Section 4 of this Addendum (Security).

f. Developer agrees that it will provide Vercel with reasonable assistance and cooperate with Vercel's obligations under CCPA to ensure that Developer is: (i) processing Protected Data in a manner consistent with Developer's obligations and (ii) stop and remediate any unauthorized use of Protected Data.

g. In the event that either party shares de-identified information with the other party, the receiving party warrants that it: (i) takes reasonable measures to ensure that the information cannot be associated with a consumer or household; (ii) commits to maintain and use the information in de-identified form and not to attempt to re-identify the information, except that the party attempt to re-identify the information solely for the purpose of determining whether its de-identification processes satisfy the law; and (iii) contractually obligates any recipients of the information to comply with all applicable laws.

3. Australia

a. As the definition of "Applicable Data Protection Law" includes the Australian Privacy Principles and the Australian Privacy Act (1988), the following applies:

(i) The definition of "Personal Data" includes "Personal Information" as defined under the Australian Privacy Principles and the Australian Privacy Act (1988). (ii) The definition of "Sensitive Data" includes "Sensitive Information" as defined under the Australian Privacy Principles and the Australian Privacy Act (1988).