PLATFORM CUSTOMER AGREEMENT (B2B)

1.1.

1.2.

1.3. Territory and International Nature.

1.4. Publicity and Form.

1.5. Related Documents.

• Description of Rates https://www.gro.now/ru#pricing;
• Billing Policy https://app.gro.now/legal/billing-policy;
• Service Level Agreement (SLA) https://app.gro.now/legal/sla;
• Acceptable Use Policy (AUP) https://app.gro.now/legal/acceptable-use-policy
• Rules for Conducting Surveys and Activities https://app.gro.now/legal/activity-rules;
• General Personal Data Processing Policy https://app.gro.now/legal/general-privacy-policy;
• Data Processing Addendum (DPA) https://app.gro.now/legal/dpa;
• Cookie Policy https://app.gro.now/legal/cookie-policy;

The order of priority of documents is established in Section 27.

1.6. Language Versions.

1.7. Provider's Contacts.

1.8. Customer Account.

3.1. Provision of Access to the Platform (SaaS).

3.2. Platform Functionality.

• **3.2.1. Reputation Module.** Consolidation and analysis of user reviews/ratings and other customer experience signals from supported sources for reputation research and service quality monitoring, with the presentation of aggregated Results, for example:
  a) consolidated monthly and regional performance reports;
  b) AI analysis of strengths/weaknesses, dynamics of service quality indicators (including NPS);
  c) trend tracking and notifications of significant deviations according to defined rules;
  d) comparable overview of market players based on available metrics and comparative dashboards for selected competitors/categories;
  e) identification of best practices and lagging areas, benchmarks for planning and monitoring changes
• **3.2.2. Surveys Module.** Tools for the Customer to independently conduct Surveys and other Activities, for example:
  a) questionnaire builder with customizable question types, multilingual support;
  b) support for CSI, NPS, ENPS, and other satisfaction/engagement metrics;
  c) gaming formats (including swipes/stories/quizzes) and a “voice-to-text” option;
  d) collection, processing, and visualization of Results in the Platform interface.
• **3.2.3. Referral Programs Module.** Means for engaging consumers, launching referral and partner activities, for example:
  a) automatic identification of promoters based on Survey responses/metrics;
  b) invitation to a referral program, generation of personalized promo codes, and sharing tools;
  c) tracking of referrals/activities and basic analytics in a unified dashboard.
• **3.2.4. General Tools.** Integrations with supported data sources, export of Results, user and role administration, notification management, API/SDK access (if available).
  Notes: (i) the list of sources, metrics, and formats may change without degrading the basic scope under the Rate; (ii) individual functions may be provided in the status of Trial Features “as is” (see clause 3.11).

3.3. What is NOT included in the Services.

• **3.3.1.** professional, scientific, and technical services, including engineering services;
• **3.3.2.** services in the field of advertising and market research (market research in the meaning of services provided by the Provider as a contractor);
• **3.3.3.** information services provided as an independent type of service (preparation of reports/summaries by the Provider, editorial/analytical data processing, etc.).

3.4. Additional Services.

• **3.4.1.** development/customization of Modules for the Customer's tasks;
• **3.4.2.** refinement of the Platform's functionality for specific requirements (feature customizations);
• **3.4.3.** configuration and/or extended configuration of the API;
• **3.4.4.** integration of the Platform with the Customer's systems and implementation of the Platform into the Customer's infrastructure.

The scope, timing, cost, and acceptance terms for such additional services are determined only in the relevant Additional Agreement/Order.

3.5. Customer Responsibility in Using the Services.

• **3.5.1.** The Customer independently plans and conducts Activities (including Surveys), forms goals and hypotheses, designs and scenarios for interacting with respondents, determines target audiences and data sources, ensures the legality of their receipt and processing, and the availability of all necessary consents/notifications from data subjects (if applicable).
• **3.5.2.** The Customer is responsible for the compliance of the content of Activities (including Surveys), scripts, questionnaires, triggers, and collected data with the requirements of applicable law, AUP, and DPA.
• **3.5.3.** The Provider does not control and is not obliged to control the content of Activities (including Surveys) and is not responsible for the correctness of the Customer's methodology, interpretations, or conclusions.

3.6. Restrictions and Acceptable Use.

3.7. Rates, Limits, and Quotas.

3.8. Support and SLA.

3.9. Third-Party Services and Integrations.

3.10. Data from Open Sources.

3.11. Service Evolution and Trial Features.

3.12. Results and Export.

3.13. Geography and Compliance Restrictions.

3.14. Priority of Documents.

3.15. Specifics of Activity Regulation.

4.1. Offer.

4.2. Methods of Adherence (Acceptance):

• **4.2.1. By signing a separate contract/order** between the Provider and the Customer, containing a reference to the current online version of the Agreement at the time of signing.
• **4.2.2. By paying the Invoice for the Subscription** issued by the Provider (invoice/bill). Payment of such an invoice constitutes unconditional adherence of the Customer to the Agreement in the version that was effective at the time of payment (unless a different “version/hash” is specified in the invoice/order).

4.3. Moment of Conclusion and Effective Date.

• **4.3.1. ** Upon signing a separate contract/order - from the date of signature by the last Party of the corresponding contract/order (or another date explicitly specified therein).
• **4.3.2. ** Upon payment of the invoice – from the moment the payment is received by the Provider (or from the Subscription start date specified in the invoice/order, if such date is later).

4.4. Online Version and Archive.

4.5. Additional Agreements and Orders for Additional Services/Services.

• **4.5.1.** The Parties may execute **Additional Agreements** and/or **Orders** (SOW/Work Order) for the provision of Additional Services.
• **4.5.2.** Such Additional Agreement/Order must contain a description of the work, deadlines, cost/payment procedure, acceptance criteria, and a reference to the current version of this Agreement as of the date of signing.
• **4.5.3.** Unless explicitly stated otherwise, the execution of the Additional Agreement/Order does not change the Subscription parameters and is not considered an amendment to this Agreement.

4.6. Amendment of Individual Terms in Contractual Documents.

• **4.6.1.** Individual terms of this Agreement may be amended or detailed in a Contract/Additional Agreement/Order signed by the parties.
• **4.6.2. ** In case of a conflict between this Agreement and the terms of the corresponding Contract/Additional Agreement/Order, the terms of the signed Contract/Additional Agreement/Order shall prevail, but only in the part explicitly regulated by it.
• **4.6.3.** The priority indicated in clause 4.6.2 applies locally to the relevant project/services formalized by that Contract/Additional Agreement/Order and does not alter the effect of this Agreement in its remaining part.
• **4.6.4.** If a certain issue is not regulated in the contractual document, the provisions of this Agreement and related documents (SLA, AUP, Description of Rates, etc.) shall apply.

4.7. Authority and Actions of Representatives.

4.8. Electronic Forms and Signing.

4.9. Confirmation of Acceptance and Logging.

4.10. Related Documents and Amendments.

5.1. Account Creation and Roles.

5.2. Customer Users.

5.3. Named Access and Prohibition of Sharing.

5.4. Seats/Licenses and Limits.

5.5. Authentication and Security.

• **5.5.1.** use of strong passwords and, if available, multi-factor authentication (mandatory recommended for Administrators);
• **5.5.2.** up-to-date user data, timely deactivation of dismissed/unauthorized personnel;
• **5.5.3.** protection of devices and networks from which access is made;
• **5.5.4.** keeping keys/tokens/passwords confidential and immediately notifying of their compromise.

5.6. SSO and Authentication Integrations.

5.7. API Access.

5.8. Administration and Principle of Least Privilege.

5.9. Responsibility for Content and Actions.

5.10. Suspicion of Compromise.

5.11. Logs and Audit.

5.12. Access Restriction and Blockages.

5.13. Deactivation and Deletion.

5.14. Customer Contractor Access.

5.15. Trial Features.

5.16. AUP Compliance.

6.1. Trial Use Period

6.2. Scope of Use.

6.3. Data and Risk of Loss

• **6.3.1.** Any data and settings entered by the Customer within the scope of Trial Features may be **irrevocably lost** at the end of the period, except when: a) the Customer formalizes a paid Subscription for the same Services; or b) before the end of the period, the Customer performs an export using available Platform tools (to the extent provided by the functionality).
• **6.3.2.** The Customer undertakes **not to upload** sensitive categories of data (including special categories of personal data) into Trial/beta environments, unless explicitly permitted by the Provider and formalized in the DPA.

6.4. Functionality and Changes

• **6.4.1.** The Provider **does not guarantee** that the functions available in Trial/beta versions will be available, unchanged, or equivalent in the generally available version. The Customer must separately evaluate the functionality of the purchased Services.
• **6.4.2.** Beta features may be changed or disabled at any time without compensation (see also clause 3.11 of the Agreement).

6.5. Warranties, Support, and SLA

• **6.5.1.** Trial Features are provided “**as is**” and “**as available**” without any express or implied warranties, including merchantability, fitness for a particular purpose, non-infringement, and accuracy of results (see Section 16).
• **6.5.2.** The Provider **is not obliged** to provide support for Trial/beta versions; the SLA and service credits **do not apply** to them.

6.6. Liability, Indemnity, and Disclaimer

• **6.6.1.** To the maximum extent permitted by law, the Provider’s liability for Trial Services is **excluded**; the Customer's sole remedy for dissatisfaction is to cease using the Trial Services (see also the limits in Section 16).
• **6.6.2.** The Provider **does not undertake to indemnify losses** for claims related to the use of Trial/beta versions, except for cases explicitly provided for by mandatory legal norms.

6.7. Termination of Trial Access

• **6.7.1.** The Provider has the right to terminate Trial Services at any time by notifying the Customer; access may be restricted immediately if required for security or legal reasons.
• **6.7.2.** Upon termination of Trial Services, the rules of clause 6.3 (data and export) apply.

6.8. Miscellaneous

• **6.8.1.** Trial/beta versions are subject to the AUP and other applicable provisions of the Agreement (including Sections 10, 11, 12, 14, 21). The DPA and the Personal Data Processing Policy apply to the processing of personal data.
• **6.8.2.** Any commercial terms (prices, limits, support) apply only to a paid Subscription and are not implied for Trial/beta versions.

7.1. Plans and Scope of Access.

7.2. Subscription Term.

7.3. Number of Seats and Limits.

7.4. Plan Change (Upgrade/Downgrade).

• **7.4.1. Upgrade** (to a higher plan/increase in seats/quotas) takes effect immediately or from the specified date; the remaining cost of the current period may be accounted for proportionally (co-term) or through an additional invoice – as specified in the Billing Policy (https://www.gro.now/legal/billing-policy).
• **7.4.2. Downgrade** (to a lower plan/decrease in seats/quotas) applies from the beginning of the next Subscription term, unless otherwise agreed. The Customer is obliged to timely adjust usage to the new limits.

7.5. Additional Options.

7.6. Trial Periods/Pilots.

7.7. Change in Plan Parameters.

7.8. Usage Accounting.

• **7.8.1.** The Platform maintains records of events, queries, storage volumes, and other metrics to calculate compliance with limits/quotas. Such data may be used for billing, reporting, and applying measures under AUP/SLA.
• **7.8.2. Acts are not formalized.** Within the framework of this Agreement, acceptance acts for rendered services are not drawn up or signed. The Platform's accounting data serves as confirmation of the scope and fact of Service provision.
• **7.8.3. Platform Reports.** Usage reports are generated by the Platform’s tools and are available in the personal account/exported in supported formats. Such reports and system logs are proper proof of the calculation metrics, unless the Customer proves otherwise documented in accordance with clause 8.3.

7.9. Cancellation of Auto-Renewal and Termination.

8.1. Remuneration and Currency.

8.2. Invoices and Payment Terms (Subscription).

8.3. Acceptance per Reporting Period and Disputes.

• **8.3.1.** Taking into account the advance payment model, challenging an invoice before the end of the reporting period is allowed only in case of obvious technical errors (incorrect currency/rate/period/duplication).
• **8.3.2.** Following each reporting month, the Platform generates a usage report (volumes, limits, add-ons, over-limit), available to the Customer Administrator in the interface/export.
• **8.3.3.** The Customer has the right to send a reasoned claim regarding the volume/quality of the provided Service within **3 business days** from the end of the corresponding reporting month.
• **8.3.4.** In the absence of a reasoned claim within the specified period, the Service for the reporting month is considered rendered in full and of proper quality, and the usage volumes are considered agreed upon. The undisputed part is subject to payment/offset in the general order.

8.4. Taxes and Withholdings.

• **8.4.1.** Prices are indicated **excluding VAT** and other indirect/direct taxes; if they are applicable, they are charged in addition to the price and paid by the Customer.
• **8.4.2.** Payments under the Agreement are made **without withholdings or deductions**. If the Customer's law requires withholding tax at the source, the Customer increases the payment (gross-up) so that the Provider receives the full amount, and provides supporting documents (withholding/remittance certificate).
• **8.4.3.** Upon the Customer's request, the Provider provides a tax residency certificate for the purposes of applying double taxation treaties (if applicable).

8.5. Price Changes.

8.6. Over-Limit and Additional Services.

• **8.6.1.** if advance payment is indicated in the invoice — it is made **before the start** of the provision of the corresponding additional service/work;
• **8.6.2.** if post-factum payment is indicated in the invoice – the payment term is **3 (three) business days** from the invoice date.

Additional services not paid for in advance are not launched; post-factum debt may lead to suspension under clause 8.2. The Provider has the right to combine items in summary invoices.

8.7. Prohibition of Set-off.

8.8. Refunds and Service Credits.

8.9. Settlement Currency and Exchange Rates.

8.10. Anti-Fraud and Payment Compliance.

8.11. Billing Priority.

9.1. AUP as Part of the Agreement.

9.2. Basic Prohibitions.

• **9.2.1.** violate the law and third-party rights, upload/process illegal content;
• **9.2.2.** attempt to circumvent technical restrictions, conduct unauthorized access, penetration tests without consent;
• **9.2.3.** carry out reverse engineering, deobfuscation, scraping, and automated data collection outside the functions provided by the Platform;
• **9.2.4.** transfer access to third parties, share accounts or tokens;
• **9.2.5.** exceed established limits and quotas, abuse the API/integrations.

9.3. Monitoring and Measures.

9.4. AUP Priority.

10.1. Definitions (for the purposes of this Section)

• **10.1.1. Customer Data** – any data, materials, and information (including personal data) uploaded/provided by the Customer to the Platform or obtained from integrations connected at the Customer’s choice.
• **10.1.2. Data from Open Sources** – information aggregated by the Platform from publicly available sources on the Internet, including, but not limited to, review systems, navigators, media/articles, social networks, competitor websites, and other public resources.
• **10.1.3. Data Owners** – natural/legal persons who own the rights to the corresponding sources from which Data from Open Sources enters the Platform.
• **10.1.4. Results** – any reports, visualizations, metrics, and other output materials generated by the Platform automatically based on Customer Data and/or Data from Open Sources.

10.2. Rights to Data and Licenses

• **10.2.1. Customer Ownership.** All rights to Customer Data are retained by the Customer. The Provider does not acquire any rights thereto, except for the limited license under clause 10.2.3.
• **10.2.2. Data Owners' Rights.** Rights to Data from Open Sources belong to the respective Data Owners; the Platform processes only publicly available information within the limits permitted by law and platform rules.
• **10.2.3. License to the Provider.** The Customer grants the Provider a non-exclusive, royalty-free license, limited in purpose and duration of the Agreement, to use the Customer Data solely for:
  (i) providing and supporting the Services,
  (ii) improving the Services (for details, see clause 10.7)
  (iii) ensuring security/backup,
  (iv) complying with legal/governmental requirements if there is a legal basis.
• **10.2.4. Results.** Unless explicitly stated otherwise in the order/additional agreement, the rights to the Results (as a collection of automatically generated materials), excluding the Provider's materials/IP (source code, models, algorithms, templates), belong to the Customer.

10.3. Data Collection and Processing

• **10.3.1. Customer Data.** The Customer guarantees the legality of uploading/use, the availability of all necessary rights/grounds (including data subjects' consents if necessary), and compliance with the AUP/applicable law.
• **10.3.2. Data from Open Sources (Aggregation).** The Provider performs automated collection, aggregation, and processing of Data from Open Sources, including the use of AI technologies and filtering/“cleansing.” The Provider makes reasonable efforts regarding the quality of processing, but does not guarantee the absolute reliability, completeness, or relevance of such data; they are provided “**as is**.”
• **10.3.3. Independence from Sources.** The Provider does not control the availability and composition of Data from Open Sources; suspension of data access/modification/deletion of information by Data Owners is not a breach by the Provider and does not constitute a deterioration of the quality or completeness of the Services' operation.

10.4. Restrictions, Publication, and External Use

• **10.4.1. Internal Use.** The Customer uses the Data (including Results) solely for its own internal needs.
• **10.4.2. Compliance with Data Owners' Restrictions.** The Customer undertakes to independently comply with all legal/technical restrictions of Data Owners (consent to use, terms of use, robots.txt, etc.).

10.5. Reliability, Liability, and “As Is” Condition

• **10.5.1.** The Provider is not responsible for: (i) errors/inaccuracies/distortions in Data from Open Sources; (ii) the consequences of the Customer’s decisions made based on the Results. The Customer independently verifies the suitability of the Results for its purposes.
• **10.5.2.** The Provider has the right to suspend or restrict access to individual data/functions if:
  a) the Data Owner has imposed restrictions;
  b) access to the sources has been suspended/terminated; (
  c) the Customer violates the Agreement or the rules of the corresponding sources;
  d) it is necessary to comply with the law/protect third-party rights.

10.6. Export, Storage, and Deletion

• **10.6.1. Export.** During the Subscription period, the Customer has the right to export Results and, where provided by functionality, – copies of Customer Data, in supported formats.
• **10.6.2. Storage and Backups.** The Provider ensures storage and backup in the volume necessary for providing the Services and fulfilling the SLA; technical backups are retained for a limited time and then overwritten.
• **10.6.3. Deletion/Anonymization.** Upon the request of the Customer Administrator, the Provider deletes/anonymizes data within functional/legal possibilities. The procedure upon termination is in Section 19.

10.7. Use for Service Improvement.

10.8. System Data and Usage Accounting

10.9. Third-Party Claims and Indemnity.

10.10. Content Restrictions.

10.11. Security Incidents.

10.12. Form of Analytics Provision.

11.1. Confidential Information (CI): Definition.

11.2. Exclusions.

11.3. Obligations regarding CI.

11.4. Term of Confidentiality Regime.

11.5. Compelled Disclosure.

11.6. Return/Deletion.

11.7. Violation and Remedies.

11.8. Priority of Separate NDA.

11.9. Personal Data.

• **11.9.1.** If personal data is processed during the use of the Platform, the Parties are guided by the DPA (https://www.gro.now/legal/dpa) and the Privacy Policy (https://www.gro.now/legal/general-privacy-policy). Roles: Customer – operator/controller, Provider – processor (where applicable).
• **11.9.2.** Security procedures, incident notifications, cross-border transfers, and subprocessors are governed by the DPA.
• **11.9.3.** Nothing in this Section limits the Parties' obligations under the DPA and applicable PD law; in case of conflict, the DPA terms prevail regarding PD.

12.1. Approach and Division of Responsibilities.

• **12.1.1. The Provider is responsible** for the security of the Platform and the cloud infrastructure on which it is hosted (perimeter, computing resources, networks, storage, backup, logs, monitoring, and response tools).
• **12.1.2. The Customer is responsible** for the security of its Account and users (access/role management, SSO/MFA, password policy, protection of end devices/networks, secure use of API and integrations), as well as for the legality of the uploaded data.

12.2. Technical and Organizational Measures (TOMs).

• **12.2.1.** encryption of data in transit (TLS) and at rest (at the level of cloud storage/key services);
• **12.2.2.** access control based on the “least privilege” principle, role segregation, multi-factor authentication for administrative access;
• **12.2.3.** environment segmentation, secrets/keys management, token rotation;
• **12.2.4.** logging of authentication/accesses/significant system events and their monitoring;
• **12.2.5.** backup and periodic recovery testing;
• **12.2.6.** secure development and change management (code review, vulnerability analysis, managed releases);
• **12.2.7.** risk assessment and management, personnel training on security and confidentiality.

12.3. Audits and Standards.

12.4. Penetration Testing and Scanning.

12.5. Incident Notification.

12.6. Response and Mitigation.

12.7. Notification and Coordination.

12.8. Customer Responsibility for Accounts.

12.9. Business Continuity and Recovery.

12.10. Vulnerabilities and Responsible Disclosure.

12.11. Subprocessors and Suppliers.

12.12. Logs and Storage.

12.13. Limitations of Liability and Relationship with DPA.

13.1. SLA Applicability.

13.2. Availability and Metrics.

13.3. Service Credits (Sole Remedy).

13.4. Exclusions.

13.5. Credit Claim Procedure.

13.6. Support.

13.7. Scheduled Works.

13.8. Interrelation with Other Documents.

14.1. General Provisions.

14.2. LLM and Generative Components.

• **14.2.1.** Individual Platform functions use third-party LLMs (as subprocessors/technology providers) for analysis, summarization, text generation, and other operations.
• **14.2.2.** The transfer of input data (prompts/content/metadata) to such providers is carried out only to the extent necessary for the operation of the corresponding function and within the framework of the DPA and the list of subprocessors (formalized as an appendix to the DPA).
• **14.2.3.** By default, the Provider does not use Customer Data to train external models; training is allowed only on anonymized aggregated metrics or with the Customer’s separate opt-in.
• **14.2.4.** LLM outputs are probabilistic and may contain inaccuracies; the Customer must conduct a reasonable check and not rely on them as legal, medical, financial, or other professional advice.

14.3. Connection of Integrations at the Customer's Choice.

14.4. Responsibility and Limitations.

14.5. Changes and Replacement of Providers.

14.6. Cross-Border Processing.

14.7. Data Minimization and Masking.

14.8. Third-Party Licenses and Rights.

14.9. Integration Security.

14.10. Disconnection on Demand.

14.11. Priority of Documents.

15.1. Provider's Rights to the Platform.

15.2. License to the Customer for the Subscription Period.

15.3. Customer Data and Results.

15.4. Customizations and Developments by Assignment.

15.5. Feedback.

15.6. IP-Related Prohibitions.

15.7. Third-Party Components and Open Source Software.

15.8. Trademarks and Publicity.

15.9. Restriction of Implied Rights.

15.10. Residual Knowledge.

15.11. Violation of Third-Party IP.

16.1. Mutual Basic Warranties.

16.2. Provider's Limited Warranty.

16.3. Disclaimer.

• **16.3.1.** To the maximum extent permitted by law, the Platform, its functions (including generative/LLM components), Results (including those generated based on Data from Open Sources), and any related information are provided “**as is**” and “**as available**.”
• **16.3.2.** The Provider **expressly disclaims** all explicit, implied, statutory, or other warranties, including, without limitation, merchantability, fitness for a particular purpose, non-infringement, data accuracy/completeness, continuity/error-free operation beyond the SLA. The Provider does not guarantee that the Customer will achieve any business results.

16.4. LLM and Analytics.

16.5. Open Sources and External Services.

16.6. Customer Warranties.

16.7. Exclusive Remedy for Availability.

16.8. Survival.

17.1. General Rule.

17.2. Exclusion of Consequential Damages.

17.3. Liability Cap.

• **17.3.1.** For trial/free access, the limit is 0 (zero), except in cases of willful misconduct or gross negligence.
• **17.3.2.** All multiple claims/incidents in the aggregate shall not exceed the stated limit.

17.4. When the Liability Cap Does Not Apply.

17.5. Related Documents and Sole Remedy.

17.6. Third-Party Services and Open Sources.

17.7. Assistance in Damage Mitigation.

17.8. Contributory Negligence and External Causes.

17.9. Form of Claims.

17.10. Prevalence of Limitations.

18.1. Provider's Indemnification Obligation.

• **18.1.1. Remedies.** In the event of such a claim, the Provider may, at its option and expense:
  a) modify or replace the affected functionality with a non-infringing equivalent; or
  b) terminate the provision of the affected functionality with a proportional credit/refund for the unused paid period (if applicable).
• **18.1.2. Exclusions.** Indemnity is not provided if the claim is caused by:
  a) use of the Platform in combination with products/data/services not provided by the Provider;
  b) inappropriate/unauthorized use contrary to the Agreement, AUP, and related documents (see clause 1.5);
  c) modifications performed by a party other than the Provider;
  d) Trial Features;
  e) third-party services/integrations or Data from Open Sources;
  f) Customer materials (including Customer Data, Results, Customer publications).

18.2. Customer's Indemnification Obligation.

18.3. Procedure (Mandatory for both Parties).

18.4. Limitations and Priorities.

• **18.4.1.** Indemnity under clause 18.1 is the **sole and exclusive remedy** of the Customer for IP claims against the Platform.
• **18.4.2.** Exclusions/limitations of liability in Section 17 apply, **except for cases** explicitly excluded from the limit (see clause 17.4); furthermore, the exclusion of consequential damages (clause 17.2) applies, unless otherwise prescribed by a mandatory legal norm or agreed upon in writing.
• **18.4.3.** Nothing in this Section limits a Party's right to preventive remedies for confidential information (clause 11.7).

18.5. Consistency with Section 10 (Data Owners).

18.6. Mitigation.

19.1. Grounds for Suspension (in full or in part).

• **19.1.1. Non-Payment:** overdue payment for subscription, services.
• **19.1.2. AUP/Agreement Violation:** use that creates legal/security risks, infringement of third-party rights, attempts to circumvent restrictions, unfair consumption.
• **19.1.3. Security Risks/Incident:** confirmed or reasonably suspected compromise of credentials, API keys, unauthorized access, dissemination of malicious code (see Section 12).
• **19.1.4. Sanctions/Export Control/Anti-Corruption:** grounds under Section 21.
• **19.1.5. Legal/Governmental Requirement:** necessity to comply with mandatory norms/prescriptions of governmental authorities.
• **19.1.6. Sources/Data Owners:** restrictions imposed by Data Owners/platforms or termination of access to sources (see Section 10), regarding the corresponding functionality/data.

19.2. Procedure and Scope of Suspension.

19.3. Access Restoration.

19.4. Termination at the Customer's Initiative.

• **19.4.1. Without cause (future effect):** The Customer has the right to terminate the Subscription by disabling auto-renewal under clause 7.9 with termination at the end of the current paid term.
• **19.4.2. Material Breach by the Provider:** The Customer's right to terminate the Agreement arises only after the consistent completion of the following steps: (i) the Customer's appeal in the manner and within the timeframe provided for by the SLA (opening an incident/ticket, providing information, requesting a service credit, and other actions according to SLA procedures), and the failure to eliminate the breach within the recovery/response times established by the SLA, or the Provider's unjustified refusal to apply the measures provided for by the SLA; and (ii) the Customer sending a written claim in accordance with clause 20.2. If, after receiving the claim, the breach is not eliminated **within 10 calendar days**, the Customer has the right to terminate the Agreement. Deviation from SLA target metrics alone, when service credits are properly provided, **is not considered a material breach** and does not give the right to terminate, unless explicitly provided for by the SLA/signed documents.

19.5. Termination at the Provider's Initiative.

• **19.5.1. Material Breach by the Customer** (including repeated/material violation of AUP, overdue payment, violation of DPA/Section 20), not remedied within **10 calendar days** from the moment of notification (or other reasonable period indicated in the notification, if security/legal risk requires faster remediation).
• **19.5.2. Impossibility of Lawful Provision of Services:** prolonged (more than 30 days) impossibility of lawful provision of individual functions/data due to reasons beyond the Provider's control (sanctions, restrictions by Data Owners, regulatory requirements). In such a case, termination is allowed selectively regarding the affected functions with a proportional adjustment of future payments (if applicable).

19.6. Automatic Termination.

19.7. Consequences of Termination.

• **19.7.1. Access:** on the termination date, access to the Platform ceases, except for the data export window described below.
• **19.7.2. Data/Results Export:** within **30 calendar days** after termination (unless otherwise specified in the order/DPA), the Customer may request and perform export using available Platform tools. After the deadline, the Provider has the right to delete or anonymize data according to standard procedures (backups are erased according to the lifecycle).
• **19.7.3. Payments:** all accrued and unpaid amounts are payable within **10 calendar days** from the termination date. Refunds are made according to the rules described in the Billing Policy https://www.gro.now/legal/billing-policy.
• **19.7.4. Special Services/Additional Agreements:** termination of the Subscription does not automatically terminate the effect of signed Additional Agreements/Orders, unless explicitly specified therein or indicated in the termination notice; such documents remain in effect regarding the obligations provided for by their terms.

19.8. Survival.

19.9. No Waiver of Claims.

19.10. Notification Procedure.

20.1. Applicable Law.

20.2. Claim Procedure (Mandatory).

• **20.2.1.** Before applying to court/arbitration, the Parties must undergo the claim procedure. If the dispute concerns an incident, availability, metrics, or measures under the SLA, the Customer first follows the SLA procedures and waits for the actions/timeframes established by the SLA. Only in the absence of proper settlement under the SLA is a claim sent in accordance with this clause.
• **20.2.2.** The Party receiving the claim must send a reasoned response **within 10 calendar days** from the date of receipt. However, for issues of incidents/availability, the response times for elimination are governed by the SLA, and the response time for the claim is governed by this clause.
• **20.2.3.** If the dispute is not settled by SLA procedures and by claim, the Party has the right to apply for dispute resolution in court or arbitration as set out below.
• **20.2.4.** If no response is received within the specified period or if the claim is rejected, the Party has the right to apply for dispute resolution in the manner provided for below in this Section. Passing the claim procedure does not limit a Party's right to seek interim measures.

20.3. Customers from the Republic of Kazakhstan (Courts).

20.4. Foreign Clients (IAC Arbitration).

• **20.4.1. Rules and Composition:** the dispute is considered under the IAC Rules, the arbitration is composed of **one arbitrator**.
• **20.4.2. Place of Arbitration:** the city of Almaty, Republic of Kazakhstan.
• **20.4.3. Language of Arbitration:** **Russian** language.
• **20.4.4. Applicable Law:** the substantive law of the Republic of Kazakhstan.
• **20.4.5. Electronic Communications:** for the purpose of shortening the proceedings, IAC notifications to the parties (about dates/times of hearings, rulings, copies of claims, petitions, and materials), as well as the submission of petitions/claims and the sending of scanned copies of documents by the parties to the IAC, are allowed by email to iac@arbitration.kz, except in cases where the IAC requires originals.
• **20.4.6. Parties' Addresses:** electronic correspondence is conducted from the email addresses of the Parties specified in the “Full Details and Signatures of the Parties” section of the relevant Contract and/or Order, and is recognized as proper.
• **20.4.7. Electronic Proceedings:** the dispute is considered in the form of electronic arbitration proceedings (video conference) using the contact information for video communication specified by the Parties in the “Full Details and Signatures of the Parties” section of the Contract and/or Order.
• **20.4.8. Confidentiality:** the arbitration proceedings are confidential, unless otherwise provided by the IAC Rules or mandatory legal norms.

21.1. Compliance with Sanctions Regimes.

21.2. Export Control and Prohibition of Circumvention.

21.3. Due Diligence (KYC/AML).

21.4. Prohibition of Corrupt Practices.

21.5. Interaction with Government Bodies and Public Sectors.

21.6. Customer Confirmations.

21.7. Right to Refuse/Suspend.

21.8. Compliance Audit.

21.9. Liability and Indemnity.

21.10. Priority of Norms.

22.1. General Rule (Opt-in).

22.2. Text and Visual Customer Mentions (Opt-out).

• **22.2.1.** The Provider has the right to indicate the Customer's name in text and/or using its logo/Marks **without separate consent** in the list of Platform users, on the website, in presentations, marketing materials, case studies, and press releases, provided that clauses 22.5 – 22.7 are observed.
• **22.2.2. Upon the Customer's written request**, the Provider will cease further use of the Marks/mentions and will delete/replace the materials in controlled channels within a **reasonable time (usually up to 10 business days)**.
• **22.2.3.** If the Customer has not provided brand guidelines/Marks carriers, the Provider has the right to use publicly available versions of the designations **at its discretion, acting in good faith and without distorting the Marks**.

22.3. Case Materials and Testimonials (Opt-out).

• **22.3.1.** The publication of case materials, excerpts from testimonials, and other marketing materials is possible **without separate special consent**, provided that such materials **do not disclose Confidential Information** (Section 11) and do not contain commercially sensitive metrics without the Customer's explicit consent.
• **22.3.2.** The Customer has the right to request the deletion/correction of specific materials; the Provider will fulfill the request in accordance with clause 22.2.2.

22.4. License to Marks (Default).

22.5. Revocation of Consent and Cessation of Use.

22.6. Prohibition of Misleading Use.

22.7. Joint Events and PR.

22.8. Confidentiality is Preserved.

22.9. Subscription Termination.

22.10. No Remuneration.

23.1. Communication Channels.

• **23.1.1.** by email to the addresses specified in the “Full Details and Signatures of the Parties” section of the relevant Contract/Order;
• **23.1.2.** through the Platform interface (notifications/banners/support tickets — for operational messages, incidents, and SLA);
• **23.1.3.** to the addresses specified on the Provider’s “Legal Information” page or in the text of this agreement – **only for notifications addressed to the Provider**, unless a different special address is indicated in the Contract/Order;
• **23.1.4.** by other means explicitly agreed upon by the Parties (e.g., through a dedicated ticketing system or e-billing).

23.2. Form and Language.

• **23.2.1.** For counterparties – residents of EAEU member countries, notifications are sent **in written form in Russian** (English duplication is allowed).
• **23.2.2.** For counterparties – non-residents of EAEU member countries, notifications are sent **in written form in English**.

23.3. Moment of Delivery (Presumptions of Delivery).

• **23.3.1. Email** – by the time of sending recorded on the sender's server, in the absence of a non-delivery message within 24 hours; if sent outside the recipient's Business Day – considered received at the start of the next Business Day.
• **23.3.2. Notifications in the Platform interface** — by the time of publication/display in the Customer Account.
• **23.3.3. Mail/Courier shipments** (if applicable) — by the delivery service's mark of delivery.
• **23.3.4.** For communications with the IAC within the arbitration proceedings (clause 20.4), the address iac@arbitration.kz and the IAC Rules also apply.

23.4. Special Channels.

• **23.4.1. Incidents and SLA** – through the support channels specified in the SLA/“Support” section; further legally significant communications on the same subject are allowed by email according to clause 23.1.1.
• **23.4.2. Security/Leaks** — to the Provider's dedicated security address with a duplicate by email according to clause 23.1.1.

23.5. Change of Details for Notifications.

23.6. Trusted Senders and Access.

23.7. Priority of Special Rules.

24.1. Assignment and Other Disposition of Rights.

24.2. Exceptions (Without Consent):

• **24.2.1. Change of Control/Reorganization of the Customer.** Assignment/transfer in connection with a change of control, reorganization, merger, or sale of a substantial part of the Customer's assets to a third party is permitted subject to **prior written notice** to the Provider and **succession** to all of the Customer's obligations (including AUP, DPA, unpaid amounts). The Provider has the right to refuse if such transfer leads to a violation of sanctions/export requirements (Section 21) or to reasonable security/compliance risks.
• **24.2.2. Customer Affiliates.** The Customer has the right to transfer rights/obligations to an **affiliate** under the same ultimate control, with written notice **at least 10 business days** in advance and provided that there is joint and several liability with the affiliate until the obligations are fully performed.

24.3. Novation and Formalities.

24.4. Prohibition of Splitting and Circumvention.

24.5. Provider's Subcontractors.

• **24.5.1.** The Provider remains **responsible to the Customer** for the actions of such subcontractors as for its own.
• **24.5.2. Subcontractors** processing personal data or participating in the provision of Services **are considered subprocessors**; the DPA requirements apply to them, and the current list is published as an appendix to the DPA.
• **24.5.3.** The engagement/replacement of material subprocessors is carried out taking into account the notification/objection procedures provided for in the DPA; in case of critical disagreement by the Customer, the parties in good faith seek a workaround, otherwise the provisions of Section 19 apply.

24.6. Transfer of Local Access Rights.

25.1. Definition of Force Majeure.

25.2. Notification and Confirmation.

25.3. Suspension of Performance and Extension of Deadlines.

25.4. Mitigation.

25.5. SLA and Service Credits.

25.6. Prolonged Duration and Right to Terminate.

25.7.

25.7. Data Export during Force Majeure.

25.8. Inapplicability to Other Party's Monetary Obligations.

26.1. Online Version and Archive.

26.2. Update Procedure.

26.3. Material Changes (7 Calendar Days).

26.4. Non-Material/Improving Changes (Effective Immediately).

26.5. Mandatory and Urgent Changes.

26.6. Changes in Prices and Billing.

26.7. Acceptance of Amendments.

26.8. Priority of Special Documents.

26.9. Version Fixation for an Order.

27.1. General Principle.

• **27.1.1. Signed Documents** between the Parties (Contract / Additional Agreement / Order) – **only in the part explicitly regulated by them**;
• **27.1.2. This Customer Agreement**;
• **27.1.3. SLA** - regarding service levels, metrics, and service credits;
• **27.1.4. AUP** (Acceptable Use Policy) — regarding prohibitions/restrictions on use;
• **27.1.5. Rules for Conducting Surveys and Activities** – regarding the use of the Platform's functionality for launching Activities by the Customer;
• **27.1.6. Description of Rates** and published specifications/limits;
• **27.1.7. Billing Policy** – regarding the procedure for invoicing/accounting/credits;
• **27.1.8. Security Policy** – regarding procedures and technical measures;
• **27.1.9. Privacy Policy and Cookie Policy** – regarding the processing of PD by the Provider as an operator;
• **27.1.10. DPA** (Data Processing Addendum) – regarding PD processing when the Provider is the PD processor on behalf of the Customer;
• **27.1.11. Terms for API/SDK** – regarding access to API/SDK.

27.2. Local Priority of Signed Documents.

27.3. Special Rules.

• **27.3.1.** For incidents/availability and response times, the **SLA prevails**; the procedure for claims and termination rights is governed by clauses 19.4.2 and 20.4.
• **27.3.2.** For personal data and cross-border transfer, the **DPA prevails**; for API – the **Terms for API/SDK**; for AUP violations – the **AUP**.

27.4. Not Included in the Contract.

27.5. Versioning.

28.1. Entire Agreement.

28.2. Severability.

28.3. Waiver.

28.4. Independence of Parties.

28.5. Assignment of Rights upon Change of Control.

28.6. Headings and Interpretation.

28.7. Electronic Form and Copies.