Customer Onboarding

Last updated: January 27, 2025
‍
1. Definitions “Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.“AI Agent(s)” means the Alana AI customer task/service chatbot agents.
‍
“Authorized User” means an individual who is authorized by Customer to access the Services, and who has been supplied a user identification and password. Authorized Users include, for example, Customer’s employees, consultants, contractors, agents, and third parties performing services on Customer’s behalf.
‍
“Customer Data” means any electronic data or content that is submitted by or on behalf of Customer to the Services (including by an Authorized User or End User), including Training Data and the transcripts of any interactions between the AI Agent(s) and an End User.
‍
“Customer Offering” means the Customer offering/system/website with which the Services are deployed.
‍
“Documentation” means Alana AI’s published user guides and product description(s), as updated from time to time here, including, without limitation, as set out in the Order Form.
‍
“Customer End Users” mean the individual end users that interact with the AI Agent on the Customer Offering.
‍
“Non-Alana AI Products” means databases, data resources, applications and software products that interoperate with the Services and are provided by Customer or a third-party.

“Order Form” means an ordering document (including any online order) entered into between the parties that specifies the Services and/or any Expert Services to be provided hereunder.

‍“Services” means Alana AI’s Agent AI tools and platform, including all components made available by Alana AI therein, to be deployed by Customer in the Customer Offering to handle Customer tasks (e.g., customer service inquiries) via conversational interfaces. The “Services” exclude Non-Alana AI Products and Customer Data.

“Suggestions” means any feedback, recommendations, or suggestions shared by Customer or its Authorized Users regarding the Services.

“Training Data” means the Customer content and materials provided by or made available by Customer to enable Alana AI to train the AI Agents (including, without limitation, all materials contained in the Customer Offering. Non-Customer data is not used as Training Data.

1.3. Protection of Customer Data. Alana AI will maintain industry standard and reasonable administrative, physical, and technical safeguards for the security, confidentiality and integrity of Customer Data as further set forth in the Order Form. Those safeguards will include measures for preventing unauthorized access, use, modification, deletion and disclosure of Customer Data by Alana AI personnel. Before providing necessary access to Customer Data to a third-party service provider of Alana AI, Alana AI will ensure that the third-party maintains reasonable data practices for maintaining the confidentiality and security of the Customer Data and preventing unauthorized access to or use of the Customer Data. For the avoidance of doubt, Customer bears sole responsibility for adequate security, protection and backup of Customer Data when in Customer’s or its representatives or agents’ possession or control.

1.4. Data Processing Addendum. If applicable, the terms of the data processing addendum located here (“DPA”) posted as of the Effective Date are hereby incorporated by reference. Customer is solely responsible for obtaining, and represents and covenants that it has obtained or will obtain prior to Processing (as defined in the DPA) by Alana AI, all necessary consents, licenses and approvals for the Processing, or otherwise (if applicable) has a valid legal basis under applicable data protection or privacy laws for the Processing of, any Personal Data (as defined in the DPA) input by Customer or the Authorized Users and End Users as part of the Services (the “Customer Legal Basis Assurance”).

1.5. Compliance with Laws. Alana AI will comply with laws applicable to Alana AI in its provisioning of the Services to its customers generally.

1.6. Implementation. Alana AI will provide the implementation and data integration services set forth in a mutually agreed upon statement of work (“SOW”).

2. Access and Use of the Services

2.1. Authorized User Subscriptions. Customer may use, and permit its Authorized Users to access and use, the Services in accordance with this Agreement, the Order Form and applicable Documentation. Authorized User subscriptions cannot be shared or used by more than one Authorized User.

2.2. Customer Affiliates. Customer Affiliates may purchase and use the Services subject to the terms of this Agreement by executing Order Forms that incorporate this Agreement by reference, and in each such case (a) all references to “Customer” in this Agreement will be deemed to refer to such Customer Affiliate for the purposes of such Order Form; and (b) such Customer Affiliate agrees to be bound by the terms of this Agreement.

2.3. Customer Responsibilities. Customer will (a) be responsible for authorizing and authenticating the connection of any Non-Alana AI Products with the Services and for ensuring that any Authorized Users with access are appropriately permissioned; (b) be responsible for Authorized Users’ compliance with this Agreement; (c) be responsible for the accuracy, appropriateness and legality of Customer Data and Training Data; (d) be responsible for maintaining the confidentiality of its logins, passwords and accounts and for all activities that occur under its accounts; (e) use commercially reasonable efforts to prevent unauthorized access to or use of Services, and notify Alana AI promptly of any such unauthorized access or use; (f) use the Services only in accordance with applicable laws and government regulations; (g) if applicable, maintain a terms of use and privacy policy for the Customer Offering that comply with applicable laws and regulations; and (h) Customer agrees to provide the following notice, or substantially similar language, to Customer End Users. The notice must be easily accessible and clearly communicated to Customer End Users

• Use of AI System. This system is powered by artificial intelligence (AI) to assist you in resolving queries relating to [Customer insert example(s) depending on your use case] or addressing common challenges. While the system provides recommendations based on company-provided policies and data, it is not a human representative.

• Capabilities and Limitations:

◦ The AI system is designed to offer guidance based on the most accurate information available but may not always account for temporary or unforeseen changes, such as [Customer include specific examples depending on Customer’s use].

◦ You remain in control of your delivery decisions, and the system’s suggestions are intended to support—not replace—your judgment.

• Privacy and Data Use:

◦ The system may collect and process information from your interactions to provide accurate responses and improve its performance.

◦ Your data will be handled in compliance with applicable privacy laws and will not be shared with unauthorized parties.

• Human Assistance and Escalation: If the system cannot resolve your query, you can escalate the issue to a human representative at any time. Instructions for accessing support are provided within the platform or app.

• ‍Fairness and Non-Discrimination: The AI system is designed to treat all users fairly and equally. If you believe the system has provided incorrect or biased responses, please report the issue through the feedback mechanism provided.

‍• Feedback and Reporting Errors: You are encouraged to provide feedback about the system’s performance to help improve its functionality. If you encounter errors or issues with the system’s recommendations, please report them promptly.

‍• Data Security: Your interactions with the AI system are securely processed and stored. The system is intended for [Customer to include use case, e.g., work, customer service, etc.]-related queries and its misuse is prohibited.

‍Contact Information: For any questions or concerns about the system please contact [Customer include support email/phone].

2.4. Usage Restrictions. Customer may not (a) make the Services available to, or use the Services for the benefit of, anyone other than Authorized Users or End Users; (b) upload, post, transmit, or otherwise make available content or information, that (i) is unlawful or tortious, or (ii) Customer does not have a right to make available under any applicable law or under contractual or fiduciary relationships, or that infringes any patent, trademark, trade secret, copyright or other proprietary rights; (c) sublicense, resell, time share or similarly exploit the Services; (d) upload, post, transmit, or otherwise make available any content or information designed to interrupt, interfere with, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; (e) reverse engineer, modify, adapt, or hack the Services, or otherwise attempt to gain unauthorized access to the Services or its related systems or networks; (f) use the Services to send unsolicited communications or spam, or altered, deceptive or false source-identifying information, including "spoofing" or "phishing"; or (g) access the Services or the Documentation to build a product or service that competes with the Service.

2.5. HIPAA Compliance. Customer acknowledges that Alana AI is not a Business Associate or subcontractor (as those terms are defined in the Health Insurance Portability and Accountability Act and related amendments and regulations as updated or replaced “HIPAA”) and accordingly, Customer is solely responsible for complying with any obligations thereunder. Customer should not submit, collect or use, or permit the submission or collection or use any “protected health information” as defined in 45 CFR 160.103 in connection with the Services.

2.6. NO HIGH RISK USAGE. The Customer agrees that the AI Agents provided under this Agreement shall not be used in connection with any activities or environments that involve or could reasonably be expected to involve a significant risk of harm to human life, safety, health, or property. The Customer acknowledges that the AI system is not designed, certified, or intended for use in high-risk or safety-critical environments. Any such use is expressly prohibited and is outside the scope of this Agreement. Prohibited uses include, but are not limited to:

• Operation or control of emergency response systems, including police, fire, or ambulance services.

‍• Medical or healthcare applications, including diagnosis, treatment recommendations, or life-critical support systems.

‍• Aviation, navigation, or autonomous vehicle control systems, where system failure could lead to significant harm.

‍• Industrial or manufacturing equipment control, particularly in environments with dangerous machinery or hazardous materials.

‍• Military or defense applications, including the operation of weapons or related systems.

2.7. Removal Requests. If Alana AI reasonably believes that it is required to remove any Customer Data or Non-Alana AI Products, or receives information that the Customer Offering, Customer Data or a Non-Alana AI Product may violate applicable law or rights of a third-party, Customer will promptly remove such Customer Data, as the case may be, from the Services upon written notice from Alana AI (via email to Customer’s primary owner will suffice). If Customer does not take the required action in accordance with the above, Alana AI may disable the deployment of the AI Agent on the Customer Offering, remove the applicable Customer Data, or disable the applicable Non-Alana AI Product. Removal Requests. If Alana AI reasonably believes that it is required to remove any Customer Data or Non-Alana AI Products, or receives information that the Customer Offering, Customer Data or a Non-Alana AI Product may violate applicable law or rights of a third-party, Customer will promptly remove such Customer Data, as the case may be, from the Services upon written notice from Alana AI (via email to Customer’s primary owner will suffice). If Customer does not take the required action in accordance with the above, Alana AI may disable the deployment of the AI Agent on the Customer Offering, remove the applicable Customer Data, or disable the applicable Non-Alana AI Product.

2.8. Non-Alana AI Products. If Customer connects, installs or enables Non-Alana AI Products for use with the Services, Customer acknowledges that providers of those Non-Alana AI Products may have access to Customer Data in connection with the interoperation and support of such Non-Alana AI Products with the Services and the Customer Offering. To the extent Customer authorizes the access or transmission of Customer Data through a Non-Alana AI Product, Alana AI will not be responsible for any use, disclosure, modification or deletion of such Customer Data.

3. Fees and Payment
‍
‍3.1. Fees. Customer will pay all fees specified in all Order Forms and/or SOW(s). Payment obligations are non-cancelable and, except as expressly set forth in this Agreement, fees paid are non-refundable.

3.2. Invoicing and Payment. Fees will be invoiced in arrears and otherwise in accordance with the relevant Order Form and/or SOW. Alana AI will bill Customer through invoices sent via email to the billing contact designated by Customer, unless otherwise specified in the Order Form. Full payment for invoices issued must be received within thirty (30) days from the invoice date. If Customer does not pay fees by the applicable due date, Alana AI may, without limiting its other rights and remedies under this Agreement: (i) charge interest at a rate equal to 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection; and (ii) to the extent Customer is thirty (30) days or more overdue, suspend the Services, as applicable, with at least ten (10) days’ prior notice (which may be provided via email to Customer’s designated billing contact) until such amounts are paid in full.

3.3. Taxes. Except for those taxes based on Alana AI's net income, Customer will be responsible for all applicable taxes in connection with this Agreement including, but not limited to, sales, use, excise, value-added, goods and services, consumption, and other similar taxes or duties. Should any payment for the Services provided by Alana AI be subject to withholding tax by any government, Customer will reimburse Alana AI for such withholding tax.

4. Proprietary Rights

4.1. Reservation of Rights. Alana AI reserves all rights, title and interest in and to the Services, including all related intellectual property rights; Customer otherwise reserves all other rights, title and interest in and to Custom Offering including all related intellectual property rights. Customer reserves all rights, title and interest in and to Customer Data.

4.2. Limited License to Custom Offering, Customer Data. Customer grants Alana AI and its Affiliates a worldwide, non-exclusive, limited term license to access, use, copy, distribute, perform and display Customer Data to End Users through the Services, and provide necessary access to third party service providers acting on its behalf, such as Amazon Web Services, only (a) to provide, maintain, and update the Services; (b) to prevent or address service or technical problems or at Customer's request in connection with customer support matters; or (c) as compelled by law in accordance with the “Confidentiality: Compelled Access or Disclosure” section below or as expressly permitted in writing by Customer. Customer further grants Alana AI the right to crawl the Customer Offering for purposes of training the AI Agent(s). Customer Data is not used to train any AI Agent(s) used on behalf of any other Alana AI Agent or the Alana AI model(s) in general.

4.3. Suggestions. If Customer or any Authorized User or End User shares any Suggestions, then Customer grants Alana AI an unlimited, irrevocable, perpetual, sublicensable, royalty-free license to use any such Suggestions for any purpose without any obligation or compensation to Customer or any Authorized User.

4.4. Usage Information; Improvements to the Service. Alana AI may collect and analyze information relating to the use, configuration and performance of the Services (collectively “Usage Information”) for purposes of improving the Services. Customer understands that given the nature of the Services, whether it be a shared platform, multi-tenant environment, and/or unified code base, any improvements Alana AI derives from Usage Information may benefit Customer, as well as other customers generally; provided that, in no event will any use of Usage Information result in the identification of Customer to any third party (e.g., other customers) or the disclosure of Confidential Information that is not first aggregated or de-identified.

5. Term and Termination

5.1.  Term of Agreement. This Agreement commences on the Effective Date and continues until the term of all Order Forms have expired or been terminated (the “Term”). Termination of this Agreement will terminate the Order Form as well.

5.2. Term of Services Subscriptions. Services subscriptions commence on the start date specified in the applicable Order Form and continue for the term specified therein. Subscriptions to the Services will renew as described in the applicable Order Form.

5.3. Termination for Cause. Either party may terminate this Agreement effective after thirty (30) days’ notice if the other party materially breaches this Agreement and such breach is not cured within such notice period. Upon any termination for cause by Alana AI, Customer will pay any unpaid fees covering the remainder of the term of all Order Forms after the effective date of termination. In no event will any termination relieve Customer of the obligation to pay any fees payable to Alana AI for the period prior to the effective date of termination.

5.4. Portability and Deletion of Customer Data. During the Term, Customer will be permitted to export Customer Data via the Services; provided, that Customer acknowledges and agrees that such ability to export may be limited by the applicable Services plan in effect, Customer’s particular configuration, and the data retention settings enabled by Customer. For up to thirty (30) days past termination of this Agreement, to the extent Customer Data has not already been deleted by Customer, Customer may request Alana AI to provide a copy of Customer Data still stored by Alana AI. Following the expiration of such thirty (30) day term, Alana AI shall have no obligation to maintain or provide any Customer Data. Upon Customer’s deletion of its account, Alana AI shall, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control in accordance with the its data security and retention policies.

5.5. Surviving Provisions. The sections titled “Fees and Payment,” “Proprietary Rights,” “Confidentiality,” “Mutual Representations and Warranties; Disclaimers,” “Mutual Indemnification,” “Limitation of Liability,” “Termination for Cause,” “Portability and Deletion of Customer Data, “Surviving Provisions” and “General Provisions” shall survive any termination or expiration of this Agreement.

6. Mutual Representations and Warranties; Disclaimer

6.1. Representation. Each party represents that it has validly entered into this Agreement and has the legal power to do so.

6.2. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, THE SERVICES, AI AGENTS AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND ALANA AI EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CUSTOMER ACKNOWLEDGES THAT ALANA AI DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR FREE. ALANA AI MAKES NO WARRANTY REGARDING ANY NON-ALANA AI PRODUCTS.

7. LIMITATION OF LIABILITY

7.1. Exclusion of Consequential and Related Damages. IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY OR TO ANY THIRD PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

7.2. Limitation of Liability. EXCEPT FOR EXCLUDED CLAIMS (AS DEFINED IN SECTION 10.3 BELOW) AND CUSTOMER’S PAYMENT OBLIGATIONS UNDER THIS AGREEMENT, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER HEREUNDER IN THE 12 MONTHS PRECEDING THE LAST EVENT GIVING RISE TO LIABILITY. The limitations hereunder apply with respect to all legal theories, whether in contract, tort or otherwise. The provisions of this ’Limitation of Liability’ section allocate the risks under this Agreement between the parties, and the parties have relied on these limitations in determining whether to enter into this Agreement.

7.3. Excluded Claims. “Excluded Claims” means: (i) Customer’s indemnification obligations under Section 8.1; (ii) Alana AI’s indemnification obligations under Section 8.2; (iii) a party’s gross negligence, fraudulent acts or willful misconduct; (iv) Customer’s infringement or misappropriation of Alana AI’s intellectual property rights; (vi) a party’s breach of its confidentiality obligations under Section 9, excluding breaches related to Customer Data; or (vi) liability that cannot be limited by applicable laws.

8. Mutual Indemnification

8.1. Customer Indemnification. Customer shall defend Alana AI and its Affiliates, and its and their respective officers, directors, employees and contractors, from and against a suit or proceeding by a third party alleging that (a) Customer Data, or the combination or use by Customer of the Customer Offering or Non-Alana AI Products with the Services, infringes or misappropriates the intellectual property rights of a third party, (b) Customer’s breach of the Customer Legal Basis Assurance, or (c) Customer’s use of the Services violates applicable law (each, a “Claim Against Alana AI”), and shall indemnify Alana AI for any damages, attorney fees and costs finally awarded against Alana AI as a result of, or for any amounts paid by Alana AI under a court-approved settlement of, a Claim Against Alana AI; provided, however, that Customer shall have no liability under this Section 8.1 to the extent a Claim Against Alana AI arises from Alana AI’s breach of this Agreement.

8.2. Alana AI Indemnification. Alana AI shall defend Customer and its Affiliates, and its and their respective officers, directors, employees and contractors, from and against a suit or proceeding by a third party alleging that the use of the Services as permitted hereunder directly infringes or misappropriates a third party’s intellectual property right (a “Claim Against Customer”), and shall indemnify Customer for any damages, attorney fees and costs finally awarded against Customer as a result of, or for any amounts paid by Customer under a court-approved settlement of, a Claim Against Customer; provided, however, that Alana AI shall have no liability under this Section 8.2 to the extent a Claim Against Customer arises from (a) Customer Data, Customer Offering, or Non-Alana AI Products; (b) Customer’s negligence, misconduct, or breach of this Agreement; or (c) the use of any version of the AI Agents other than the most current release made available by Alana AI.

8.3. Indemnification Procedure. The indemnified party will provide the indemnifying party with prompt written notice of any claim, suit or demand, the right to assume the exclusive defense and control of any matter that is subject to indemnification, and cooperation with any reasonable requests assisting the indemnifying party’s defense and settlement of such matter.

8.4. Exclusive Remedy. This “Mutual Indemnification” section states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any type of claim described in this section.

9. Confidentiality

9.1. Definition of Confidential Information. As used herein, “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information of Customer shall include Customer Data, Confidential Information of Alana AI shall include the Services, and Confidential Information of each party shall include the terms and conditions of this Agreement and all Order Forms, as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information shall not include any information that (a) is or becomes generally available to the public without breach of any obligation owed to the Disclosing Party; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (c) is received from a third party without breach of any obligation owed to the Disclosing Party; or (d) was independently developed by the Receiving Party without use of or reliance on the Confidential Information of the Disclosing Party. This Section 9 does not apply to Alana AI’s obligations regarding use and protection of Personal Data; those obligations are specified in Sections 1.3 (Protection of Customer Data) and 1.4 (Data Protection Addendum).

9.2. Protection of Confidential Information. The Receiving Party shall (a) use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care); (b) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement; and (c) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees, contractors and agents who need such access for purposes consistent with this Agreement. Neither party shall disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, its legal counsel and accountants or in confidence in connection with bonafide fundraising or M&A due diligence activities. Compelled Access or Disclosure. The Receiving Party may access or disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled access or disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the access or disclosure. If the Receiving Party is compelled by law to access or disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the access or disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information.

9.3. Compelled Access or Disclosure. The Receiving Party may access or disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled access or disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the access or disclosure. If the Receiving Party is compelled by law to access or disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the access or disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information.


10. General Provisions

10.1. Publicity. Unless otherwise specified in the relevant Order Form, Customer grants Alana AI the right to use Customer’s company name and logo as a reference for marketing or promotional purposes on Alana AI’s website and in other public or private communications with existing or potential Alana AI customers, subject to Customer’s standard trademark usage guidelines as provided to Alana AI from time-to-time.

10.2. Force Majeure. Neither party shall be liable hereunder by reason of any failure or delay in the performance of its obligations due to events beyond the reasonable control of such party, which may include denial-of service attacks, strikes, shortages, riots, fires, acts of God, war, terrorism, and governmental action.

10.3. Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.

10.4. No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.

10.5. Notices. Except as otherwise set forth herein, all notices under this Agreement will be in writing addressed to the parties at the address set forth in the preamble of this Agreement and will be deemed to have been duly given (a) when received, if personally delivered; (b) the first business day after sending by email; (c) the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and (d) upon receipt, if sent by certified or registered mail, return receipt requested.

10.6. Waiver. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right.

10.7. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.

10.8. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms), without consent of the other party, to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. A party’s sole remedy for any purported assignment by the other party in breach of this paragraph are those described in the “Termination for Cause” section. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

10.9. Governing Law and Venue. This Agreement, and any disputes arising out of or related hereto, shall be governed exclusively by the internal laws of the State of New York, without regard to its conflicts of laws rules or the United Nations Convention on the International Sale of Goods. The state and federal courts located in the Burrough of Manhattan in the State of New York, shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement. Each party hereby consents to the exclusive jurisdiction of such courts.

10.10. Waiver of Jury Trial; Fees. Each party hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover its reasonable costs and attorneys’ fees.

10.11. Entire Agreement. This Agreement, including all exhibits and addenda hereto and all Order Forms, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning Customer’s purchase and use of the Services. Without limiting the foregoing, this Agreement supersedes the terms of any online agreement electronically accepted by Customer (including Alana AI’s online terms of service). No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. However, to the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any exhibit or addendum hereto or any Order Form, the terms of such exhibit, addendum or Order Form shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in or accepted by Alana AI during a vendor onboarding process or web portal, a Customer purchase order, or any other Customer order documentation (excluding Order Forms) shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.
‍

Last updated: January 27, 2025

‍Addendum Background

‍Alana AI USA Inc. (“Alana AI,” “we,” or “us”) is a software as a service provider. This Data Processing Addendum (“Addendum”) supplements our Terms of Service (which, with our other Customer documents, can be found here), or other agreement in place between you (“Customer” or “you”) and Alana AI covering Customer’s use of the Services (the “Agreement”). Unless otherwise defined in this Addendum or in the Agreement, all capitalized terms used in this Addendum shall have the meanings set forth in the Definitions section below.

How to Execute this Addendum

‍1. We have pre-signed this Addendum, which includes both the main body of the Addendum and Schedule 4. Your signature is required:

•  at the bottom of the main body of this Addendum [Page 6]
‍•  at the bottom of Schedule 4 [Page 14]

2. Once you have signed in these locations and submitted them through Docusign, you will have a binding Addendum with us.

1. Scope and Term.

1.1. Roles of the Parties.

(a) Customer Personal Data. Alana AI will Process Customer Personal Data as Customer’s Processor in accordance with Customer’s instructions as outlined in Section 2.3 (Instructions).

‍(b) Customer Account Data. Alana AI will Process Customer Account Data as a Controller for the following purposes: (i) to provide and improve the Services; (ii) to manage the Customer relationship (communicating with Customer and Users in accordance with their account preferences, responding to Customer inquiries and providing technical support, etc.), (iii) to facilitate security, fraud prevention, performance monitoring, business continuity and disaster recovery; and (iv) to carry out core business functions such as accounting, billing, and filing taxes.

(c) Alana AI Usage Data. Alana AI will Process Alana AI Usage Data as a Controller for the following purposes: (i) to provide, optimize, secure, and maintain the Alana AI Services; (ii) to optimize user experience; and (iii) to inform our business strategy.(d) Description of the Processing. Details regarding the Processing of Customer Personal Data by Alana AI are stated in Schedule 1 (Description of Processing).

1.2. Term of the Addendum. The term of this Addendum coincides with the term of the Agreement and terminates upon expiration or earlier termination of the Agreement (or, if later, the date on which Alana AI ceases all Processing of Customer Personal Data).

1.3. Order of Precedence. If there is any conflict or inconsistency among the following documents, the order of precedence is: (1) the applicable terms stated in Schedule 4 (Region-Specific Terms including any transfer provisions); (2) the main body of this Addendum; and (3) the Agreement.

2. Processing of Customer Personal Data.

2.1 Customer Appointment. Customer appoints Alana AI as its Data Processor (Service Provider) and agrees that all Customer Personal Data provided to Alana AI pursuant to the Agreement and this Addendum complies with the collection, transmission and lawful processing requirements under Data Protection Laws to enable the Processing.

2.2. Obligations. Alana AI agrees to treat Customer Personal Data as Customer Confidential Information. Alana AI will not:

(a) Process Customer Personal Data other than as set out in this Addendum and in the Agreement unless upon Customer’s further written instructions or as required by a Supervisory Authority;

(b) sell Customer Personal Data; or

(c) share, use or disclose the Customer Personal Data unless it is authorized in accordance with the Agreement, this Addendum, any Order, upon Customer’s further written instructions or as required by a Supervisory Authority.

2.3. Instructions. Customer on behalf of itself and each Customer Affiliate which is the Data Controller of the Customer Personal Data instructs Alana AI:

(a) To Process Personal Data in accordance with the documented lawful instructions of Customer as stated in the Agreement (including this Addendum) and respective Orders, as necessary to (i) enable the use of various features and functionalities in accordance with the Documentation (including as directed by Users through the Services, or (ii) comply with its legal obligations. Alana AI will notify Customer if it becomes aware, or reasonably believes, that Customer’s instructions violate Data Protection Law; and

(b) Subject to the transfer requirements in Schedule 4 (Region-Specific Terms) transfer Customer Personal Data to any country or territory, in each case as reasonably necessary for the provision of the Services and consistent with this Addendum.

2.4. Description of Processing. Schedule 1 sets out the subject matter and other details regarding the Processing of the Customer Personal Data contemplated as part of the Services, including Data Subjects, categories of Personal Data, special categories of Personal Data, Subprocessors and description of Processing.

2.5 Confidentiality. Alana AI will treat Customer Personal Data as Customer’s Confidential  Information under the Agreement. Alana AI will ensure that its personnel authorized to Process Customer Personal Data are bound by written or other legally binding obligations of confidentiality.

3. Security.

3.1. Security. Alana AI has implemented and will maintain appropriate technical and organizational measures designed to protect the security, confidentiality, integrity and availability of Customer Personal Data and protect against Security Incidents. Customer is responsible for configuring the Services and using features and functionalities made available by Alana AI to maintain appropriate security in light of the nature of Customer Data. Our current technical and organizational measures are described in Schedule 2 to this Addendum. Customer acknowledges that these measures are subject to technical progress and development and that Alana AI may update or modify them from time to time, provided that such updates and modifications do not materially decrease the overall security of the Services during the term of an Order Form.

3.2. Security Incident. Alana AI will notify Customer without any undue delay, and in no event longer than 72 hours after becoming aware of a Security Incident. We will use commercially reasonable efforts to identify the cause of the Security Incident, mitigate the effects and remediate the cause to the extent within our reasonable control. Upon Customer’s written request and taking into account the nature of the Processing and the information then-available to Alana AI, we will cooperate reasonably with you and provide you the information reasonably necessary for you to meet your Security Incident notification and other obligations under Data Protection Law. Except as required by law, Alana AI will not take action to notify Customer’s Users of any Security Incident. Alana AI’ notification of a Security Incident is not a statement or admission by Alana AI of fault or liability with respect to such Security Incident.

4. Subprocessing.

4.1. General Authorization. In the course of providing our Services, we may be required to contract with Subprocessors to perform a portion of the Services. We have included as Schedule 3 a list of the Subprocessors we currently use. By entering into this Addendum, Customer authorizes Alana AI to engage the Subprocessors to Process Customer Personal Data. Alana AI will (i) enter into a written agreement with each Subprocessor imposing data protection terms that require the Subprocessor to protect Customer Personal Data to the standard required by Data Protection Law and to the same standard provided by this Addendum; and (ii) remain liable to Customer if such Subprocessor fails to fulfill its data protection obligations with regard to the relevant Processing activities under the Agreement.

4.2. Notice of New Subprocessors. We will not add any additional Subprocessors without informing you of such Subprocessors by giving you at least thirty (30) days’ notice before allowing any new Subprocessor to Process Customer Personal Data (“Subprocessor Notice Period”). Customer may object to Alana AI’ appointment of a new Subprocessor during the Subprocessor Notice Period. If you object, Customer may, as your sole and exclusive remedy, terminate the

5. Assistance and Cooperation Obligations

5.1. Data Subject Rights. Taking into account the nature of the Processing, Alana AI will provide reasonable and timely assistance to Customer to enable you to (1) respond to requests for exercising data subject’s rights (including rights of access, rectification, erasure, restriction, objection, and data portability) in respect to Customer Personal Data. If any such requests or correspondence is received directly by us, we will forward you the request or correspondence and will wait for further direction from you before taking action. We will not communicate with authorities or Your Users without receiving your advance permission, except as required by applicable law. Upon documented request from you, we will correct, supplement, modify or delete any of Customer Personal Data, except as required by applicable law.

5.2. Cooperation Obligations. Upon Customer’s reasonable request and taking into account the nature of the applicable Processing, Alana AI will provide reasonable assistance to Customer in fulfilling Customer’s obligations under Data Protection Law (including data protection impact assessments and consultations with regulatory authorities), provided that Customer cannot reasonably fulfill such obligations independently with help of available Documentation.

5.3. Regulatory Requests. Unless prohibited by Law, Alana AI will promptly notify Customer of any valid, enforceable subpoena, warrant, or court order from law enforcement or public authorities compelling Alana AI to disclose Customer Personal Data. Alana AI will follow its law enforcement guidelines in responding to such requests. In the event that Alana AI receives an inquiry or a request for information from any other third party (such as a regulator or data subject) concerning the Processing of Customer Personal Data, Alana AI will redirect such inquiries to Customer, and will not provide any information unless required to do so under applicable law.

‍6. Deletion and Return of Customer Personal Data.

6.1. During Term. During the term of the Agreement, Customer and its Users may, through the features of the Services, access, retrieve or delete Customer Personal Data.

6.2 Post Termination. Following expiration or termination of the Agreement, Alana AI must, in accordance with the Documentation, delete all Customer Personal Data. Notwithstanding the foregoing, Alana AI may retain Customer Personal Data (i) as required by Data Protection Law or (ii) in accordance with its standard backup or record retention policies, provided that, in either case, Alana AI will maintain the confidentiality of, and otherwise comply with the applicable provisions of this Addendum with respect to retained Customer Personal Data and not further Process it except as required by Data Protection Law.

7. Review, Audit and Inspection Rights.

7.1 Audit Reports. Alana AI’s datacenter is regularly audited by independent third-party auditors and/or internal auditors, including as described here]. Upon request, and on the condition that Customer has entered into an applicable non-disclosure agreement with Alana AI, Alana AI will supply a summary copy of relevant audit report(s) (“Report”) to Customer, so Customer can verify Alana AI’ compliance with the audit standards against which it has been assessed, and this Addendum. If Customer cannot reasonably verify Alana AI’ compliance with the terms of this Addendum, Alana AI will provide written responses (on a confidential basis) to all reasonable requests for information made by Customer related to its Processing of Customer Personal Data, provided that such right may only be exercised no more than once every twelve (12) months.

7.2 On-site Audits. Only to the extent Customer cannot reasonably satisfy Alana AI’ compliance with this Addendum through the exercise of its rights under Section 7.1 above, or where required by Data Protection Law or a regulatory authority, Customer, or its authorized representatives, may, at Customer’s expense, conduct audits (including inspections) during the term of the Agreement to assess Alana AI’ compliance with the terms of this Addendum. Any audit must (i) be conducted during Alana AI’ regular business hours, with reasonable advance written notice of at least sixty (60) calendar days (unless Applicable Data Protection Law or a regulatory authority requires a shorter notice period); (ii) be subject to reasonable confidentiality controls obligating Customer (and its authorized representatives) to keep confidential any information disclosed that, by its nature, should be confidential; (iii) occur no more than once every twelve (12) months; and (iv) restrict its findings to only information relevant to Customer.

8. Region-Specific Terms. To the extent Alana AI Process Customer Personal Data protected by Data Protection Laws in one of the specific regions listed in Schedule 4 (Region-Specific Terms), the terms specified for the applicable regions will also apply, including the provisions relevant for international transfers of Personal Data (directly or via onward transfer).

9. Definitions.

‍“Alana AI Account Data” means Personal Data relating to Customer’s relationship with Alana AI, including: (i) Users’ account information (e.g. name, email address, or Alana AI’ account ID); (ii) billing and contact information of individual(s) associated with Customer’s Alana AI account (e.g. billing address, email address, or name); (iii) Users’ device and connection information (e.g. IP address); and (iv) content/description of technical support requests (excluding attachments).

“Alana AI Usage Data” means Personal Data relating to or obtained in connection with the use, performance, operation, support or use of the Services. Alana AI Usage Data may include event name (i.e. what action Users performed), event timestamps, browser information, and diagnostic data. For clarity, Alana AI Usage Data does not include Customer Personal Data.

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

“Customer Personal Data'' means Personal Data contained in Customer Data and/or any Customer Materials that Alana AI Processes under the Agreement solely on behalf of Customer. For clarity, Customer Personal Data includes any Personal Data included in the attachments provided by Customer or its Users in any technical support requests.

‍“Data Protection Laws” means all laws applicable to the Processing of Personal Data under the Agreement.

“Personal Data” means information about an identified or identifiable natural person, or which otherwise constitutes “personal data”, “personal information”, “personally identifiable information” or similar terms as defined in Data Protection Laws.

“Processing” (and “Process”) means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Processor” means the entity which Processes Personal Data on behalf of the Controller.

“Security Incident'' means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data Processed by Alana AI and/or its Subprocessors.

“Subprocessor” means any third party (inc. Alana AI Affiliates) engaged by Alana AI to Process Customer Personal Data.

“Users” means any individual that Customer authorizes to use the Services, including the Authorized Users and End Users.  Users may include: (i) Customer’s and its Affiliates’ employees, consultants, contractors and agents (ii) third parties with which Customer or its Affiliates transact business (iii) individuals invited by Customer’s users (iv) individuals under managed accounts, or (v) individuals interacting with a Services as Customer’s customer.
‍
Schedule 1 Description of Processing

This Schedule forms part of the Addendum and the Clauses and must be completed and signed by the parties.  

‍Categories of data subjects: See Customer Order Form

‍Categories of data: See Customer Order Form

‍Special categories of data (if appropriate): See Customer Order Form

‍Processing operations  

‍The personal data transferred will be subject to the following basic processing activities (please specify):

• Customer Personal Data: Alana AI will Process Customer Personal Data as Processor in accordance with Customer’s instructions as set out in Section 2.3 (Customer Instructions).

• Alana AI Account Data and Alana AI Usage Data: Alana AI will Process Alana AI Account Data and Alana AI Usage Data for the limited and specified purposes outlined in Section 1.1 (Roles of the Parties).

Nature of Processing  
‍Alana AI will process personal information by handling, storing, sharing with Subprocessors, accessing and reviewing Personal Information for the Processing purposes set out in the Agreement, Orders and this Addendum. Additional information regarding the nature of the Processing (including transfer) is described in respective Orders for relevant Services and Documentation referring to technical capabilities and features, including but not limited to collection, structuring, storage, transmission, or otherwise making available of Personal Data by automated means.

Duration of Processing  
‍Alana AI will process personal information as long as necessary for the purposes described in this Addendum, unless a longer retention is required by law

‍Transfers to (Sub-)processors

‍Alana AI will transfer Customer Personal Data to Subprocessors as permitted in Section 4 (Subprocessing).

Schedule 2 Security Measures

Alana AI utilizes AWS and relies to a great extent on the technical security measures adopted by AWS. In addition to the security measures adopted by AWS, and to the extent data processing activities occur outside the AWS system, Alana AI has implemented the following technical and organizational measures to ensure the security of Customer Personal Data:

Alana AI utilizes AWS and relies to a great extent on the technical security measures adopted by AWS. In addition to the security measures adopted by AWS, and to the extent data processing activities occur outside the AWS system, Alana AI has implemented the following technical and organizational measures to ensure the security of Customer Personal Data:

1. Alana AI has adopted industry standard processes designed to ensure that unauthorized persons are prevented from gaining physical access to our premises and the rooms where data processing systems are located.

2. Employees are only allowed access to tasks assigned to them.

3. Personnel without access authorization (e.g. technicians, cleaning personnel) are accompanied all times.

4. Alana AI has processes and requirements designed to ensure that all computers processing personal data (including computers with remote access) are password protected, both after booting up and when left, even for a short period.

5. We assign individual user passwords for authentication.

6. We only grant system access to our authorized personnel and strictly limit their access to applications required for those personnel to fulfill their specific responsibilities.

7. We have implemented a password policy that prohibits the sharing of passwords, outlines procedures to follow after disclosure of a password, and requires that passwords be changed regularly.

8. We ensure that passwords are always stored in encrypted form.

9. We have adopted procedures to deactivate user accounts when an employee, agent, or administrator leaves Alana AI or moves to another responsibility within the company.

10. We use industry standard technologies to prevent the installation and use of unauthorized hardware and software in our premises.

11. We have established rules for the safe and permanent destruction of data that are no longer required.

12. Except as necessary for the provision of the Services, Customer Personal Data cannot be read, copied, modified or removed without authorization during transfer or storage.

13. We encrypt data during any transmission.

14. We are able to retrospectively examine and establish whether and by whom Customer Personal Data has been entered into data processing systems, modified or removed.

15. We log administrator and user activities

16. We process the personal data received from different clients so that in each step of the processing the Controller can be identified and so that data is always physically or logically separated.

17. We create back-up copies stored in protected environments.

18. We perform regular restore tests from our backups.

19. We have created business recovery strategies.

20. We do not use personal data for any purpose other than what have been contracted to perform.

21. We do not remove Customer Personal Data from our business computers or premises for any reason (unless you have specifically authorized such removal for business purposes).

22. Whenever a user leaves his or her desk unattended during the day and prior to leaving the office at the end of the day, he or she is required to place any documents containing Customer Personal Data in a secure environment such as a locked desk drawer, filing cabinet, or other secured storage space.

23. We ensure that each computer system runs a current anti-virus solution.

24. We have obtained the written commitment of our employees to maintain confidentiality and to comply with our requirements under the Addendum and the GDPR.

25. We regularly train our staff on data privacy and data security.

Schedule 3 List of SubProcessors

Hosting and Storage

Amazon • Application and Data Hosting

‍Communication and Collaboration Platforms

‍Microsoft • Analytics and TTS functionality
Google Analytics • Application Advertising Analytics
Cartesia • Speech to text Deep Gram Speech to text
Salesforce, Inc. • Customer communication (Slack)
Twilio, Inc. • Telephony
Cloudflare, Inc.• Content delivery and edge web servicing

Schedule 4 Region-Specific Terms

Additional definitions are set out in Section 4.

‍1. Europe, United Kingdom and Switzerland.

1.1. Customer Instructions. In addition to Section 2.3 (Customer Instructions) of the Addendum above, Alana AI will Process Customer Personal Data only on documented instructions from Customer, including with regard to transfers of such Customer Personal Data to a third country or an international organization, unless required to do so by Data Protection Laws to which Alana AI is subject; in such a case, Alana AI shall inform Customer of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest. Alana AI will promptly inform Customer if it becomes aware that Customer's Processing instructions infringe Data Protection Laws.

1.2. European Transfers. Where Personal Data protected by the EU Data Protection Laws is transferred, either directly or via onward transfer, to a country outside of Europe that is not subject to an adequacy decision, the following applies:

(a) The EU SCCs are hereby incorporated into this Addendum by reference as follows:

(i) Customer is the “data exporter”
(ii) Digital Arbitrage, Inc., (d/b/a Alana AI) is the “data importer”. Alana AI is a hospitality management service in which the Services stores and  processes personal information, guest information, business information, and employee information for the  purposes of centralizing hospitality business data and services to the organization in accordance to the terms  of the Agreement.
(iii) Module One (Controller to Controller) applies where Alana AI is Processing  Alana AI Account Data or Alana AI Usage Data.
(iv) Module Two (Controller to Processor) applies where Customer is a Controller of Customer Personal Data and Alana AI is Processing Customer Personal data as a Processor.
(v) Module Three (Processor to Processor) applies where Customer is a Processor of Customer Personal Data and Alana AI is Processing Customer Personal Data as another Processor.
(vi) By entering into this Addendum and signature below, each party is deemed to have signed the EU SCCs as of the commencement date of the Agreement.
(b) For each Module, where applicable:
(i) In Clause 7, the optional docking clause does not apply.
(ii) In Clause 9, Option 2 applies, and the time period for prior notice of Subprocessor changes is stated in Section 4 (Subprocessing) of this Addendum.
(iii) In Clause 11, the optional language does not apply.
(iv) In Clause 17, Option 1 applies, and the EU SCCs are governed by Irish law.
(v) In Clause 18(b), disputes will be resolved before the courts of Ireland.
(vi) The Appendix of EU SCCs is populated as follows:
• The information required for Annex I(A) is located in the Agreement and/or relevant Orders.
• The information required for Annex I(B) is located in Schedule 1 (Description of Processing) of this Addendum.
• The competent supervisory authority in Annex I(C) will be determined in accordance with the Data Protection Laws; and
• The information required for Annex II is located in Schedule 3 (Technical and Organizational Measures) of this Addendum.

1.3 Swiss Transfers. Where Personal Data protected by the Swiss FADP is transferred, either directly or via onward transfer, to any other country that is not subject to an adequacy decision, the EU SCCs apply as stated in in Section 1.2 (European Transfers) above with the following modifications:

(a) All references in the EU SCCs to “Regulation (EU) 2016/679” will be interpreted as references to the Swiss FADP, and references to specific Articles of “Regulation (EU) 2016/679” will be replaced with the equivalent article or section of the Swiss FADP; all references to the EU Data Protection Law in this Addendum will be interpreted as references to the FADP.

(b) In Clause 13, the competent supervisory authority is the Swiss Federal Data Protection and Information Commissioner.

(c) In Clause 17, the EU SCCs are governed by the laws of Switzerland.

(d) In Clause 18(b), disputes will be resolved before the courts of Switzerland.

(e) All references to Member State will be interpreted to include Switzerland and Data Subjects in Switzerland are not excluded from enforcing their rights in their place of habitual residence in accordance with Clause 18(c).

1.4 United Kingdom Transfers. Where Personal Data protected by the UK Data Protection Laws is transferred, either directly or via onward transfer, to a country outside of the United Kingdom that is not subject to an adequacy decision, the following applies:

(a) The EU SCCs apply as set forth in Section 1.2 (European Transfers) above with the following modifications:

(i) By signature below, each party shall be deemed to have signed the UK Addendum.
(ii) For Table 1 of the UK Addendum, the parties’ key contact information is located in the Agreement and/or relevant Orders.
(iii) For Table 2 of the UK Addendum, the relevant information about the version of the EU SCCs, modules, and selected clauses which this UK Addendum is appended to is located above in Section 1.2 (European Transfers) of this Schedule.
(iv) For Table 3 of the UK Addendum:

• The information required for Annex 1A is located in the Agreement and/or relevant Orders.
• The Information required for Annex 1B is located in Schedule 1 (Description of Processing) of this Addendum.
• The information required for Annex II is located in Schedule 3 (Technical and Organizational Measures).
• The information required for Annex III is located in Section 4 (Sub-processing) of this Addendum.

(b) In Table 4 of the UK Addendum, both the data importer and data exporter may end the UK Addendum.

4. Definitions.

4.1 Where Personal Data is subject to the laws of one the following regions, the definition of “Data Protection Laws” includes:

a) Canada: the Canadian Personal Information Protection and Electronic Documents Act;

b) Europe: (i) the Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation, or GDPR) and (ii) the EU e-Privacy Directive (Directive 2002/58/EC) as amended, superseded or replaced from time to time (“EU Data Protection Law”);

c) Switzerland: the Swiss Federal Act on Data Protection and its implementing regulations as amended, superseded, or replaced from time to time (“Swiss FADP”);

d) The United Kingdom: the Data Protection Act 2018 and the GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 as amended, superseded or replaced from time to time (“UK Data Protection Law”); and

e) The United States: all state laws relating to the protection and Processing of Personal Data in effect in the United States of America, which may include, without limitation, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (“CCPA”), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act (“US State Privacy Laws”).

f) “Europe” includes, for the purposes of this DPA, the Member States of the European Union and European Economic Area.

g) “EU SCCs” means the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as amended, superseded, or replaced from time to time.

h) “Service Provider” has the same meaning as given in the CCPA

i) “UK Addendum” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner, Version B1.0, in force 21 March 2022, as amended, superseded or replaced from time to time.‍‍‍‍
‍

1. Definitions

‍• “Agent Call”: A single interaction initiated by an end-user to the AI agent (voice or text) utilizing the platform’s functionality.

• “User License”: A subscription or authorization permitting named or concurrent users to access the admin console or related services.

• “Onboarding/Implementation”: The initial configuration and integration of the AI agent with Customer’s environment, including knowledge base integration, workflow setup, and technical integrations.

2. Platform Inclusions

‍• Access to AI agent platform with configurable conversational flows

• Administrative dashboard with analytics, reporting, and performance metrics.

• Integration with Customer’s CRM or ticketing system (e.g., Salesforce, Zendesk) as agreed in the onboarding plan.

3. Platform Features

‍• Customer Service Workflow Automation (ticket creation, status updates, FAQs).

• Knowledge Base Integration.

• Multi-Channel Support (voice, chat, potentially SMS or messaging apps).

• Routine Task Automation (e.g., password resets, order status queries).

4. Security Features

‍• Data encryption (in transit and at rest).

• Role-based access controls.

• Regular security audits.

• Compliance with applicable data protection laws and regulations.

5. Integrations

‍• Initial integration with [e.g., Salesforce, Zendesk, Custom CRM] as per the agreed onboarding scope.

• Additional integrations subject to separate fees and SOWs.

‍

This Service Level Agreement (SLA) outlines the performance standards, responsibilities, and expectations for the Alana AI Agents inquiries. This SLA is designed to ensure that the AI Agents deliver consistent, high-quality service while meeting operational and technical requirements.

1. Scope of Service

‍The AI Agents will:

• Respond to customer inquiries via text-based channels (e.g., live chat, email, messaging apps) and voice-based channels (e.g., phone calls, voice assistants).

• Perform actions based on customer requests, such as:

◦ Retrieving account information.
◦ Processing transactions.◦ Scheduling appointments.
◦ Providing product or service recommendations.
◦ Escalating complex issues to human Agents when necessary.
◦ Operate 24/7 unless otherwise specified.

2. Target Performance Metrics

‍The following key performance indicators (KPIs) will be used to measure the effectiveness of the AI Agents:

2.1. Target Response Time

• Text-based inquiries:
◦ Average response time: ≤ 1 seconds.
◦ 95% of responses delivered within ≤ 2 seconds.
• Voice-based inquiries:
◦ Average response time: ≤ 2 second.
◦ 95% of responses delivered within 3 seconds.

2.2. Target Resolution Rate

‍• First-contact resolution (FCR):

◦ Target: ≥ 75% of inquiries resolved without escalation to a human Agent.
◦ Escalation rate:Target: ≤ 25% of inquiries escalated to human Agents.

2.3. Accuracy

‍• Intent recognition accuracy:
◦ Target: ≥ 95% accuracy in understanding customer intent.
• Action execution accuracy:
◦ Target: ≥ 98% accuracy in performing requested actions.

2.4. Availability

‍• Uptime:
◦ Target: ≥ 99.9% uptime for AI Agent services.
• Downtime:
◦ Target maximum allowable downtime: 43 minutes per month (excluding emergency maintenance).

2.5. Customer Satisfaction (CSAT)
‍• Target: ≥ 90% customer satisfaction rate based on post-interaction surveys.

3. Responsibilities

‍3.1. Service Provider Responsibilities

‍Alana AI  will:

• Ensure the AI Agents are trained on up-to-date data (subject to provision of such data by Customer in a timely manner) and maintain high accuracy in understanding and responding to Inquiries.

• Monitor performance metrics in real-time and provide monthly reports.

• Perform regular maintenance, updates, and bug fixes for optimal performance.

• Provide a fallback mechanism (e.g., human agent escalation) for unresolved or complex inquiries.

3.2. Client Responsibilities

‍The customer will:

• Provide accurate and up-to-date data for training and updating the AI Agents.

• Provide tier 1 support to Customer Users.

• Notify Alana AI of any changes in business processes or customer service policies that may impact AI Agent performance.Provide feedback on AI agent performance to facilitate continuous improvement.

4. Escalation ProcessIf the AI agent cannot resolve a customer Inquiry, the following escalation process will be followed:

Level 1: AI agent attempts to resolve the Inquiry using predefined workflows and knowledge bases.
‍Level 2: If unresolved, the enquiry is escalated to a human agent with all relevant context and customer history.
‍Level 3: Complex or sensitive issues are escalated to specialized teams (e.g., technical support, billing department).

Escalation time: ≤ 30 seconds from AI Agent to human Agent.

5. Maintenance and Updates‍

‍Scheduled maintenance: Will be communicated at least 48 hours in advance and performed during off-peak hours.
‍Unscheduled maintenance: Limited to critical issues and will not exceed 15 minutes without prior approval.
‍Updates: AI models and workflows will be updated quarterly or as needed to improve performance and accuracy.

6. Reporting and Review

‍• Monthly performance reports will be provided, including:
◦ Response times.
◦ Resolution rates.
◦ Escalation rates.
◦ Customer satisfaction scores.
◦ Downtime and uptime statistics.
• Quarterly reviews will be conducted to assess performance and identify areas for improvement.

7. Penalties and Remedies

‍• If the service provider fails to meet the agreed-upon SLA metrics, the following remedies will apply:

◦ Response time breaches: Credit equal to 5% of the monthly service fee for each hour of non-compliance.
‍◦ Uptime breaches: Credit equal to 10% of the monthly service fee for each hour of downtime beyond the allowed limit.
‍◦ Accuracy breaches: Free retraining or updates to improve accuracy within 30 days.

8. Termination

‍• Either party may terminate this agreement with 30 days' written notice if the other party fails to meet SLA obligations consistently overa 3-month period.
‍‍‍