AI GOVERNANCE PRODUCT ADDENDUM

This AI Governance Product Addendum (“Addendum”) supplements and amends the Master Subscription Agreement (“MSA”) between TeamGuard AI, Inc. d/b/a Adaptive Security (“Adaptive”) and the Customer identified on the applicable Order Form, on behalf of itself, its Affiliates, and its Authorized Users (collectively, the “Customer”). Capitalized terms not defined herein have the meanings given in the MSA. In the event of any conflict between this Addendum and the MSA, this Addendum shall control. This Addendum sets forth certain terms applicable to the AI Governance Products (defined below). Additional terms (including fees, usage limits, and subscription term) shall be set forth in one or more Order Forms (as defined in the MSA), which shall supplement this Addendum. To the extent any provision of the MSA conditions rights, obligations, or terms on the existence of an Order Form, this Addendum shall be deemed to satisfy such requirement with respect to the AI Governance Products unless and until a separate Order Form is executed for the AI Governance Products.

  1. Scope. This Addendum applies to Adaptive’s offering and Customer’s use of Adaptive’s AI governance products, including Adaptive’s browser extension that permits IT administration and monitors web activity for security risks and unauthorized interactions with tools, as well as any accompanying administrative portal, dashboards, and reporting features, and any Adaptive features or services that involve the automated scanning, analysis, or processing of Customer’s browser activity data (collectively, the “AI Governance Products”). Customer acknowledges that the AI Governance Products involve the use of artificial intelligence and machine learning technology (collectively, “AI”).  

  1. License to AI Governance Products. The AI Governance Products constitute part of the Platform for all purposes under the MSA. Adaptive hereby grants to Customer during the AI Governance Term a non-exclusive, non-transferable, non-assignable (except as otherwise stated in the MSA) and non-sublicensable right and license to access and use the AI Governance Products for Customer’s internal business purposes, subject to any usage limits set forth in an applicable Order Form, including (a) to deploy and enable the AI Governance Products on the devices of those Authorized Users whose web browsing activity Customer elects to monitor (each such Authorized User, a “AI Governance User”) and enable such AI Governance Users to access and use the AI Governance Products deployed on their devices; and (b) to designate AI Governance Users to access and use the administrative portal, dashboards, and reporting features of the AI Governance Products to monitor web browsing activity for security risks, detect and manage unauthorized application usage, and monitor and enforce policies governing interactions with tools. For the avoidance of doubt, the license restrictions and Customer responsibilities set forth in the MSA apply to Customer’s access to and use of the AI Governance Products.

  1. Term and Termination. The term of this Addendum shall commence on the date this Addendum is executed by both Parties and shall continue until the expiration of any Free Access Period (defined below) and any term set forth on an Order Form (“AI Governance Term”).
    1. Free Access Period. During any period in which Customer accesses or uses the AI Governance Products, as authorized by Adaptive, without having executed an applicable Order Form (“Free Access Period”), Customer may use the AI Governance Products on an at-will basis, subject to the terms of this Addendum and the MSA. The Free Access Period shall expire upon the earlier of: (i) the execution of an applicable Order Form, or (ii) written notice of termination by either Party to the other Party.
    2. Order Form Period. Unless otherwise set forth in an applicable Order Form, each Order Form for the AI Governance Products shall have an initial subscription term as set forth therein and shall automatically renew for successive periods of equal duration, unless either Party provides written notice of non-renewal to the other Party no fewer than thirty (30) days prior to the end of the then-current term (or such other notice period as may be specified in the applicable Order Form). Each Order Form may be terminated in accordance with the MSA. Upon expiration (including non-renewal) or termination of all applicable Order Forms, Customer’s right to access and use the AI Governance Products under such Order Forms shall immediately cease.

  1. Fees. During any Free Access Period, no fees shall be due or payable by Customer for access to or use of the AI Governance Products. To the extent an Order Form specifies fees, payment terms, a payment schedule, or other commercial terms for the AI Governance Products, such terms shall govern and Customer shall pay all fees in accordance with the MSA and the applicable Order Form.

  1. Browser Data Processing. Customer acknowledges and agrees that the AI Governance Products will access and process data sent to, from, or within Customer’s web browsing environment, including downloaded and uploaded data, website information, website interactions, browser information, browser plugins, browser settings information, device information, and other information related to use of the applicable browser (collectively, “Browser Data”), for the purpose of providing the AI Governance Products, which may include, but not be limited to, detecting, analyzing, and classifying, and seeking to remediate potential security threats. For the avoidance of doubt, Browser Data constitutes Customer’s Confidential Information under the MSA and is subject to the confidentiality obligations set forth therein.

  1. Data Use Rights. In addition to the data use rights granted under the MSA, Customer hereby grants Adaptive a non-exclusive, royalty-free, worldwide license to use Derived Data to improve, enhance, and develop Adaptive’s products and services, including Adaptive’s Platform, systems, tools, general threat intelligence and global threat intelligence database, detection efficacy, protection against emerging threats, AI Governance Products, and future security offerings. For the avoidance of doubt, the license granted in this Section 6 does not extend to Raw Browser Data. Adaptive’s use of Raw Browser Data is limited solely to providing and supporting the AI Governance Products as described in Section 5, and subject to the retention limits in Section 9.

Browser Metadata” means structured, non-content data collected by the AI Governance Products about a user’s browsing session, including but not limited to: page-level metadata, navigation and referral data, file transfer event data, and device context. Browser Metadata does not include the substantive content of web pages, user inputs, or files.

Derived Data” means any data generated by Adaptive through processing, analysis, or transformation of Customer Information, including de-identified Browser Metadata, risk signals, classification labels, sensitivity scores, threat intelligence, de-identified usage patterns, and plain-language risk summaries. Derived Data reflects Adaptive’s analytical output in a de-identified manner and does not include Raw Browser Data or Browser Metadata in unprocessed form. For the avoidance of doubt, Derived Data is not considered Customer Information.

     

Raw Browser Data” means unprocessed Browser Data, prior to aggregation, anonymization, or derivation.

  1. Browser Metadata Use for Security and Improvement. 
    1. Customer acknowledges and agrees that Adaptive may retain, analyze, review, annotate, and otherwise process and use Browser Metadata as necessary to detect, investigate, remediate, and prevent security threats, and to improve Adaptive’s detection capabilities, and developing threat intelligence, in each case subject to Section 8 of this Addendum.

  1. Data Safeguards. 
    1. When exercising the rights granted under this Addendum, Adaptive shall:

      1. implement commercially reasonable technical and organizational measures to protect Browser Data, including encryption in transit and at rest;
      2. not sell Browser Data to third parties;
      3. when using third-party large language model providers, use only services that do not retain Customer data for training purposes (i.e., “zero data retention” providers);
      4. not use Raw Browser Data for training AI models, except as instructed by Customer pursuant to customer-specific AI model offerings from Adaptive;
      5. limit internal access to Raw Browser Data to personnel with a need-to-know basis for providing and supporting the AI Governance Products.
    2. Adaptive may use service providers (including hosting, observability, security operations, and support providers) to process Browser Data solely to provide and improve the AI Governance Products, subject to the terms of this Addendum.

  1. Data Retention.
    1. Derived Data. Adaptive may retain Derived Data after the expiration or termination of the Addendum, subject to applicable laws. 
    2. Raw Browser Data. Adaptive will delete or de-identify Raw Browser Data within one (1) day of processing, unless a longer retention period is required for (i) Adaptive’s customer-specific AI model services requested by Customer; (ii) an active security investigation, or (iii) by applicable law. During the retention period, Raw Browser Data will be used solely to provide the AI Governance Products and support active security investigations, in each case subject to Section 8 of this Addendum.
    3. Browser Metadata. Unless otherwise directed by Customer, and subject to Section 10 of this Addendum, Adaptive may retain Browser Metadata for the term of the Addendum to provide the AI Governance Products, support active security investigations, and as otherwise provided in this Addendum.     

  1. Customer Data Deletion Rights.
    1. Deletion Requests. Customer may request deletion of its Raw Browser Data [or Browser Metadata] at any time by submitting a written request to Adaptive at the designated contact address (or such other method as Adaptive may provide).
    2. Deletion Timeline. Adaptive will use commercially reasonable efforts to delete the requested data within thirty (30) days of receiving the request, and will provide written confirmation of deletion upon completion.
    3. Exceptions. Adaptive is not required to delete data to the extent that retention is: (i) required by applicable law, regulation, or legal process; (ii) necessary for an active, documented security investigation; or (iii) technically infeasible (e.g., data already incorporated into Derived Data). 
    4. Termination. Upon expiration or termination of this Addendum, Adaptive will delete all Raw Browser Data and Browser Metadata within sixty (60) days, subject to the exceptions in Section 10(c). 

  1. Customer Representations and Obligations. Customer represents, warrants, and covenants that: (a) it has obtained, and shall maintain throughout the AI Governance Term, all rights, consents, and authorizations required under applicable laws to access, deploy and use the AI Governance Products as contemplated by this Addendum, including Adaptive’s processing of any Browser Data in connection therewith; (b) it has the legal authority to collect, transmit, and make available Browser Data to Adaptive as contemplated by this Addendum, including under all applicable privacy, data protection, and employment laws, rules and regulations; (c) it is solely responsible for providing all required notices to, and obtaining all required consents from, its AI Governance Users regarding Customer’s use of the AI Governance Products, including the collection and transmission of Browser Data; and (d) its use of the AI Governance Products shall comply with all applicable laws in each jurisdiction in which the AI Governance Products are used or deployed.

  1. Disclaimers Regarding AI Governance Products. Customer acknowledges and agrees that: (a) the AI Governance Products rely on automated detection methodologies, including AI-based classification and risk scoring, which may produce false positives (e.g., incorrectly identifying activity as a security risk) or false negatives (e.g., failing to identify actual security risks); (b) Platform Outputs generated by the AI Governance Products are provided for informational purposes only and do not constitute legal, compliance, or employment advice; and (c) Customer is solely responsible for reviewing and evaluating all Platform Outputs prior to taking any action based thereon, including any employment, disciplinary, or access-related decisions. ADAPTIVE SHALL NOT BE LIABLE FOR ANY LOSSES ARISING OUT OF OR RELATED TO (I) ANY FALSE POSITIVE OR FALSE NEGATIVE PLATFORM OUTPUT, (II) ANY ACTION TAKEN OR NOT TAKEN BY CUSTOMER OR ITS AI GOVERNANCE USERS IN RELIANCE ON PLATFORM OUTPUTS, OR (III) ANY FAILURE OF THE AI GOVERNANCE PRODUCTS TO DETECT, PREVENT, OR REMEDIATE ANY SECURITY THREAT, UNAUTHORIZED APPLICATION USAGE, OR DATA EXPOSURE.

  1. Indemnification. Customer shall indemnify, defend, and hold harmless Adaptive and its affiliates, and each of their respective officers, directors, consultants, contractors, agents, attorneys, and employees from and against all Losses arising out of any Action resulting from: (a) Customer’s breach of its representations, warranties or covenants in this Addendum; (b) any claims by employees, contractors, or other AI Governance Users arising out of or relating to the AI Governance Products; (c) Customer’s collection, transmission, or processing of Browser Data, including any claim that such collection, transmission, or processing violates applicable privacy, data protection, or employment laws, rules or regulations; or (d) Customer’s use of the AI Governance Products.

  1. Survival. The licenses granted in this Addendum shall survive termination or expiration of this Addendum solely with respect to Derived Data generated prior to such termination or expiration. In addition, any provisions of this Addendum that by their nature or terms are intended to survive the expiration or termination of this Addendum shall so survive.
  2. General. Except as expressly modified by this Addendum, the MSA remains in full force and effect. In the event of any conflict or inconsistency between this Addendum and any other addendum, program terms, or supplemental agreement governing Customer’s participation in alpha, beta, preview, or early access programs (including any Feature Preview Program Addendum), this Addendum shall control with respect to all matters relating to the provision, operation, and use of the AI Governance Products, including any processing, use, retention, and deletion of data in connection therewith. In the event of any conflict or inconsistency among the MSA, this Addendum, and an applicable Order Form for the AI Governance Products, the order of precedence shall be: (a) the Order Form, (b) this Addendum, and (c) the MSA, in each case solely to the extent of such conflict or inconsistency. This Addendum may be executed in counterparts.