Privacy Policy & Data Processing Addendum

This Privacy Policy and Data Processing Addendum (collectively, the "Policy") describes how PromotePlus.ai ("Company," "we," "us," or "our") collects, uses, processes, stores, discloses, transfers, and otherwise handles personal information and other data in connection with the Services.

This Policy is incorporated into and subject to the Terms of Use.

BY ACCESSING OR USING THE SERVICES, YOU ACKNOWLEDGE AND AGREE TO THIS POLICY.

1. SCOPE; ROLES; RELATIONSHIP OF THE PARTIES

The Services, as provided by Company, are intended to deliver software-as-a-service (SaaS) solutions, including but not limited to IDX-enabled websites, customer relationship management (CRM) platforms, marketing automation, AI-generated content, advertising campaign management, SMS and mobile communications, analytics, and other integrations or features expressly included in the Service offerings ("Services"). Customer acknowledges that the Services are provided strictly on the terms and conditions set forth herein and in any other agreements between Customer and Company.

1.1 Scope of Services

Customer acknowledges and agrees that:

• The Services are provided solely for the internal business purposes of Customer and for the management, marketing, and engagement of Customer's end users, leads, prospects, and contacts;
• Company may provide technical, functional, or operational integrations with third-party services, including IDX/MLS feeds, AI platforms, advertising networks, analytics providers, CRM integrations, and SMS or communications platforms, but such integrations are provided solely for Customer's convenience and do not expand, limit, or alter the terms, obligations, or liabilities set forth in this Policy or any agreement;
• Company may update, modify, suspend, or discontinue certain features, modules, or integrations of the Services at its sole discretion without liability, provided that such changes do not materially diminish the core functionality contracted by Customer, except as permitted under applicable law.

1.2 Roles of the Parties

Customer and Company each have distinct and independent roles with respect to the Services:

Company's Role: Company provides, maintains, and operates the Services, including the infrastructure, security measures, technical support, software updates, and any optional integrations with third-party platforms. Company may collect, process, store, and transfer Customer Data only as necessary to provide the Services in accordance with this Policy and applicable law. Company does not control, manage, or assume responsibility for Customer's use of the Services, including Customer's submissions, communications, marketing campaigns, IDX feeds, AI-driven outputs, or interactions with third-party services.

Customer's Role: Customer is solely responsible for the content, accuracy, legality, compliance, and use of any data submitted to or processed through the Services. Customer shall ensure that all use of the Services complies with applicable laws, rules, regulations, and industry standards, including but not limited to privacy, advertising, telecommunication, and intellectual property laws. Customer shall obtain all necessary consents, authorizations, and notices required to lawfully process Customer Data or end-user data.

1.3 Independent Contractors

Nothing in this Policy, or in any agreement between Customer and Company, shall be construed as creating a partnership, joint venture, agency, fiduciary relationship, or employment relationship between the Parties. Neither Party shall have the authority to bind or obligate the other in any manner, and neither Party is responsible for the actions, omissions, or liabilities of the other Party, except as expressly set forth herein.

1.4 Allocation of Risk and Liability

Customer acknowledges that it assumes all risk associated with its use of the Services, including any interactions with third-party integrations, AI outputs, IDX feeds, CRM functionality, advertising campaigns, SMS communications, or marketing automation. Company expressly disclaims liability for:

• Any loss, damage, misprocessing, unauthorized access, or misuse of Customer Data;
• Any failure of Customer to comply with applicable laws, regulations, or contractual obligations;
• Actions, omissions, or outputs of third-party service providers integrated with or accessed through the Services.

1.5 Survival

The provisions of this section shall survive the termination, expiration, or suspension of the Services or any agreement between Customer and Company and shall remain in full force and effect with respect to all Customer Data, obligations, liabilities, or interactions arising during the term of the Services.

2. CATEGORIES OF DATA

Customer acknowledges and agrees that, in connection with the provision of the Services, Company may collect, process, store, transmit, and otherwise access various types of data, including personal information, sensitive information, usage data, technical metadata, and any other information submitted by Customer, its end users, or generated through the Services ("Customer Data"). Such data may be collected directly from Customer, through Customer's interactions with the Services, via third-party integrations, or through automated processes such as AI-generated content, analytics, IDX/MLS feeds, advertising platforms, CRM workflows, or SMS and other mobile communications.

2.1 Personal Information

Personal information may include, without limitation, any information that identifies or could reasonably be used to identify, contact, or locate an individual, such as:

• Names, usernames, or aliases;
• Contact information, including email addresses, phone numbers, and mailing addresses;
• Account credentials, authentication data, or login identifiers;
• Property preferences, search history, or lead and client information submitted through IDX/MLS feeds, CRM forms, or website interactions;
• Demographic information, such as age, gender, or location;
• Financial or transaction information, including billing data and payment method details;
• Any other information provided by Customer or end users in connection with the Services.

2.2 Sensitive and Special Categories of Data

To the extent applicable, sensitive or special categories of data may be collected, such as:

• Geolocation data or coordinates;
• Audio, video, or image content submitted for AI processing or IDX display;
• Communications content, including SMS, chat, or email content;
• Behavioral, preference, or usage data for personalized marketing, analytics, or AI-generated recommendations.

Customer is solely responsible for ensuring that any sensitive or special category data is collected, submitted, or processed in compliance with applicable laws, including GDPR, UK GDPR, CCPA/CPRA, and other federal, state, or international regulations.

2.3 Technical and Usage Data

Technical and usage data collected may include, without limitation:

• IP addresses, browser types, device identifiers, and operating system information;
• Interaction logs, clickstream data, page views, search queries, and feature usage;
• Cookies, web beacons, pixels, SDK data, or other tracking mechanisms;
• Analytics, diagnostic, or error-reporting data generated by the Services or third-party integrations;
• Metadata associated with communications, content submissions, or AI-generated outputs.

2.4 Third-Party and Integrated Data

Customer acknowledges that the Services may interact with or integrate third-party platforms, including IDX/MLS systems, advertising networks, AI services, CRM tools, analytics providers, SMS platforms, and cloud services. Customer Data may be transmitted to, processed by, or stored with such third-party providers, and Customer assumes all responsibility for compliance with applicable laws, consents, and contractual obligations in connection with such third-party interactions. Company disclaims liability for third-party handling of Customer Data.

2.5 Aggregated and Derived Data

The Services may generate aggregated, anonymized, or derived data from Customer Data for purposes such as service improvement, analytics, benchmarking, reporting, AI training, marketing optimization, or operational insights. Such data does not identify specific individuals and may be used at Company's discretion, provided it is consistent with applicable law.

2.6 Customer Responsibility

Customer is solely responsible for determining the categories of data submitted to the Services and ensuring that all collection, processing, transmission, and storage comply with applicable laws, regulations, and contractual obligations. Customer shall obtain all required consents from end users, leads, or other data subjects and shall implement appropriate safeguards for sensitive, personal, or special category data.

2.7 Survival and Retention

The obligations and responsibilities set forth in this section shall survive any termination, expiration, or suspension of the Services or any agreement between Customer and Company and shall continue to apply to all Customer Data collected, processed, or transmitted during the term of the Services.

3. PURPOSES OF PROCESSING

Customer acknowledges, understands, and agrees that Company may collect, receive, process, store, analyze, transmit, and otherwise use Customer Data, including personal information, sensitive information, technical metadata, behavioral data, and aggregated or derived data, for multiple purposes necessary to provide, operate, maintain, improve, and secure the Services, as well as to comply with applicable laws, regulations, or contractual obligations. Such processing is conducted in accordance with this Policy, any applicable agreements, and all relevant federal, state, and international privacy and data protection laws, including but not limited to GDPR, UK GDPR, CCPA/CPRA, VCDPA, CDPA, CTDPA, and other applicable legislation.

The purposes of processing Customer Data include, without limitation:

3.1 Provision, Operation, and Delivery of the Services

Customer Data may be processed to:

• Provide, maintain, and deliver all functionality of the Services, including IDX-enabled websites, CRM platforms, marketing automation, AI-generated content, advertising campaign management, SMS and other mobile communications, analytics, and integrations with third-party platforms;
• Authenticate, authorize, and verify access to Customer accounts, logins, and administrative functions;
• Enable interaction, collaboration, and workflow management within the Services;
• Monitor, troubleshoot, and maintain system integrity, availability, and performance.

3.2 Customer Support, Maintenance, and Technical Assistance

Customer Data may be processed to:

• Respond to Customer inquiries, service requests, complaints, or support tickets;
• Provide technical support, guidance, or assistance for Service usage;
• Identify, diagnose, and resolve errors, disruptions, or security incidents;
• Conduct maintenance, updates, patches, or upgrades to ensure ongoing functionality and security.

3.3 Marketing, Communications, and Customer Engagement

Customer Data may be processed to:

• Enable SMS, email, push notification, and other communications for account updates, transactional notifications, alerts, reminders, and promotional content;
• Facilitate marketing campaigns, including social media, search engine advertising, email campaigns, and other marketing channels;
• Analyze engagement, performance, and response rates to optimize marketing content and delivery;
• Personalize user experiences, content, recommendations, or offers using AI-driven analytics or other automated systems.

3.4 Compliance, Risk Management, and Legal Obligations

Customer Data may be processed to:

• Comply with applicable laws, regulations, industry standards, and contractual obligations;
• Detect, prevent, and investigate fraud, misuse, unauthorized access, or illegal activity;
• Manage risks, audits, and reporting obligations imposed by governmental, regulatory, or contractual authorities;
• Protect the rights, property, and security of Company, Customer, and end users.

3.5 Analytics, Research, and Service Improvement

Customer Data may be processed to:

• Conduct analytics, benchmarking, reporting, and business intelligence to improve the Services;
• Generate aggregated, anonymized, or derived data for operational insights, AI training, and marketing optimization;
• Test, develop, and enhance algorithms, AI models, features, and system performance;
• Inform product design, feature enhancements, and strategic business decisions.

3.6 Third-Party Integrations and Operational Necessity

Customer Data may be processed in connection with third-party integrations, including IDX/MLS platforms, CRM vendors, AI service providers, advertising networks, analytics platforms, SMS providers, cloud services, or other tools necessary to provide, maintain, or enhance the Services. Company expressly disclaims liability for the processing practices of such third parties, and Customer assumes all responsibility for ensuring lawful use, necessary consents, and compliance with applicable regulations.

3.7 Security, Retention, and Recordkeeping

Customer Data may be processed to:

• Implement administrative, technical, and organizational safeguards to protect the integrity, confidentiality, and availability of data;
• Retain records, logs, and metadata necessary for auditing, regulatory compliance, or legal purposes;
• Enable lawful deletion, anonymization, or archival of data consistent with applicable retention policies.

3.8 Customer Responsibility and Risk Assumption

Customer acknowledges that it is solely responsible for determining the purposes for which it collects and submits data to the Services and ensuring that all processing carried out in connection with the Services is lawful, authorized, and compliant with applicable laws, regulations, and contractual obligations. Customer assumes all risk associated with any misuse, unauthorized access, or noncompliance arising from its data processing practices.

3.9 Survival

The obligations, rights, and responsibilities set forth in this section shall survive any termination, suspension, or expiration of the Services or any agreement between Customer and Company, and shall continue to apply to all Customer Data collected, processed, or transmitted during the term of the Services.

4. NO SALE OF PERSONAL INFORMATION; LIMITED DISCLOSURE; THIRD-PARTY PROCESSING DISCLAIMER

Company does not sell, rent, or otherwise disclose personal information to third parties for monetary consideration or for the purpose of independent commercial exploitation by such third parties. Without limiting the foregoing, Company does not engage in the sale of personal information as that term is defined under applicable privacy laws, including without limitation the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), except to the extent that certain data sharing activities may be deemed a "sale" or "sharing" under broadly defined statutory interpretations, in which case such activities are intended solely to facilitate the operation, improvement, and delivery of the Services and not for independent third-party use.

Notwithstanding the foregoing, Customer acknowledges and agrees that Company may disclose, transmit, or otherwise make available personal information and other data to third-party service providers, subprocessors, integration partners, advertising platforms, multiple listing services (MLS), IDX data providers, analytics providers, infrastructure providers, communication service providers (including SMS and email delivery vendors), and other third parties as necessary or reasonably appropriate to provide, operate, maintain, support, improve, and secure the Services, including without limitation the execution of Customer-directed activities such as marketing campaigns, advertising placements, CRM functionality, data synchronization, and API-based integrations.

Customer further acknowledges and agrees that, to the extent data is transmitted to or accessed by third-party platforms, systems, or services at the direction of Customer or as an inherent component of the Services, such third parties may independently collect, use, process, store, combine, or otherwise handle such data in accordance with their own terms, policies, and practices, which are outside the control of Company. Company does not control, monitor, or assume responsibility for the data handling practices, security measures, retention policies, or regulatory compliance of such third parties.

To the fullest extent permitted by applicable law, Company expressly disclaims any and all liability arising from or related to the acts or omissions of third parties, including without limitation any unauthorized access, data breach, misuse, resale, re-identification, aggregation, retention, disclosure, or other processing of data by such third parties, whether occurring during transmission, after transfer, or otherwise. Customer assumes all risks associated with the use of third-party services, integrations, and platforms, including without limitation advertising platforms, CRM integrations, IDX providers, and communication vendors.

Customer is solely responsible for reviewing, understanding, and complying with the terms, privacy policies, and data processing practices of all third-party services with which it chooses to integrate or interact through the Services, and for ensuring that all necessary disclosures, consents, and authorizations are obtained from end users prior to the collection or sharing of personal information with such third parties.

5. COOKIES, TRACKING, AND CROSS-CONTEXT BEHAVIORAL ADVERTISING

The Services may use cookies, web beacons, pixels, local storage, SDKs, and other tracking technologies ("Tracking Technologies") to enhance functionality, improve user experience, measure performance, deliver analytics, enable CRM and IDX integrations, facilitate advertising, and provide personalized or automated content, recommendations, or communications, including cross-context behavioral advertising.

5.1 Use of Tracking Technologies

Customer acknowledges and agrees that Company and its authorized third-party service providers may deploy Tracking Technologies in connection with the Services, including but not limited to:

• Website and application analytics and performance measurement;
• CRM and marketing automation platforms;
• IDX and MLS integrations for real estate listings;
• AI-generated content, recommendations, or automated decision-making;
• Advertising platforms, including Google Ads, Facebook Ads, and other digital marketing networks;
• SMS, email, and push communications.

Tracking Technologies may collect information about device identifiers, browsing behavior, interactions with the Services, IP addresses, location information, or other usage data. Such information may be combined with other data to provide personalized or targeted content, marketing, or automated recommendations.

5.2 Customer Acknowledgment and Consent

Customer represents and warrants that it has obtained all required consents, authorizations, and disclosures from end users or data subjects as may be required by applicable law, including but not limited to GDPR, UK GDPR, CCPA, CPRA, VCDPA, and other state, federal, or international privacy regulations. Customer assumes full responsibility and liability for compliance with such consent and disclosure obligations.

5.3 Third-Party Tracking

Customer acknowledges that Tracking Technologies may include third-party services, including advertising networks, analytics providers, AI platforms, CRM integrations, and IDX/MLS feeds. Company expressly disclaims any responsibility or liability for:

• Collection, use, or processing of data by third parties;
• Accuracy, security, or legality of third-party tracking;
• Outputs, targeting, or recommendations generated by third-party technologies;
• Noncompliance by third parties with privacy, security, or regulatory obligations.

5.4 Opt-Out and Control

End users may have the ability to control or opt out of certain Tracking Technologies, including cookies, web beacons, or behavioral advertising, through browser settings, device settings, or industry opt-out mechanisms. Company is not responsible for the effectiveness of any such opt-out controls and does not guarantee complete suppression of all tracking.

5.5 Data Retention and Use

Information collected through Tracking Technologies may be retained in accordance with the Data Retention and Deletion policies set forth in this Policy and may be used for lawful business purposes, including service improvement, analytics, CRM, marketing, advertising, AI training, or other operations necessary to deliver the Services.

5.6 Liability Limitation

To the fullest extent permitted by law, Company shall have no liability for any damages, losses, or claims arising from the use of Tracking Technologies, cross-context behavioral advertising, automated content, or data collection practices, whether caused by Company, third-party service providers, or end-user interactions. Customer assumes all responsibility and risk for compliance with applicable privacy, security, and advertising laws.

5.7 International Compliance

Customer acknowledges that use of Tracking Technologies may result in the collection, transfer, or processing of personal information across jurisdictions. Customer assumes full responsibility for ensuring compliance with all applicable international, federal, and state privacy and marketing laws, including GDPR, UK GDPR, CCPA, CPRA, VCDPA, COPPA, and any local or regional requirements.

6. SMS, TEXT MESSAGING, AND MOBILE COMMUNICATIONS

The Services may include, or facilitate through integrations, the ability to send or receive text messages, SMS, MMS, push notifications, or other mobile communications ("Mobile Communications") to or from Customer, end users, or other individuals. Customer acknowledges and agrees that the use of Mobile Communications is subject to applicable federal, state, and international laws, including without limitation the Telephone Consumer Protection Act (TCPA), CAN-SPAM Act, California Consumer Privacy Act (CCPA/CPRA), General Data Protection Regulation (GDPR), UK GDPR, and other relevant privacy and marketing regulations.

6.1 Customer Responsibility for Consent

Customer represents and warrants that it has obtained all necessary, valid, and legally sufficient consent from recipients prior to sending Mobile Communications, including any opt-in required under applicable law. Customer is solely responsible for maintaining records of such consent, ensuring accuracy, and complying with all applicable requirements regarding opt-in and opt-out mechanisms.

6.2 Content and Purpose of Mobile Communications

Mobile Communications may include, without limitation:

• Account updates, service notifications, alerts, reminders, or confirmations;
• Marketing, promotional, or advertising content, including cross-platform campaigns and AI-generated recommendations;
• IDX/MLS notifications, property updates, or lead follow-up communications;
• CRM or workflow-triggered automated messages.

Customer acknowledges that message frequency may vary based on Service usage, campaigns, or automated triggers.

6.3 Opt-Out Rights

Recipients may opt out of Mobile Communications at any time by replying with standard opt-out commands such as "STOP," "UNSUBSCRIBE," or similar instructions. Company will ensure that requests are processed to the extent technically feasible; however, Customer remains responsible for honoring opt-out requests in accordance with applicable law and this Policy. After opting out, recipients will not receive further Mobile Communications unless they subsequently opt back in.

6.4 Third-Party Providers and Integrations

Mobile Communications may be facilitated through third-party service providers, including SMS gateways, telecommunication carriers, advertising platforms, AI messaging engines, IDX/MLS integrations, or marketing platforms. Company does not control these third parties, and expressly disclaims any liability for their actions, security practices, or compliance with applicable laws. Customer assumes all risk and responsibility for the use of third-party providers in connection with Mobile Communications, including but not limited to compliance with TCPA, CAN-SPAM, GDPR, CPRA, and other applicable regulations.

6.5 Liability and Risk Allocation

Customer acknowledges that Company shall have no liability for any claims, damages, fines, penalties, or losses arising from the sending, failure, interception, or delivery of Mobile Communications, whether caused by Company, third-party service providers, end-user actions, or technical failures. Customer assumes all risk associated with Mobile Communications, including legal and regulatory compliance, consent management, content accuracy, and timing.

6.6 Recordkeeping and Compliance

Customer is solely responsible for maintaining accurate records of all Mobile Communications, including consents, opt-out requests, message logs, and compliance documentation. Company may, at its discretion, provide technical support, logging, or reporting features, but Company does not guarantee compliance or completeness of any records.

6.7 International and Cross-Jurisdictional Considerations

Customer acknowledges that recipients may be located outside the United States. Customer assumes all responsibility for compliance with any applicable international laws governing Mobile Communications, including GDPR, UK GDPR, and local telecommunication or marketing regulations.

6.8 Survival

The provisions of this section shall survive any termination or expiration of the Services, this Policy, or any agreement between Customer and Company and shall remain in full force and effect for any Mobile Communications sent or facilitated during the term of the Services.

7. DATA RETENTION AND DELETION

Company retains Customer Data and other information collected, processed, or stored in connection with the Services only for as long as necessary to provide the Services, comply with contractual obligations, satisfy legal, regulatory, tax, or accounting requirements, enforce our agreements, resolve disputes, prevent fraud, or otherwise fulfill legitimate business purposes ("Retention Period").

Customer acknowledges and agrees that:

Retention Practices: Customer Data may be stored in physical or electronic form, including in backups, archives, or redundant systems. Company employs commercially reasonable administrative, technical, and organizational safeguards to protect Customer Data during the Retention Period, but no system is completely secure, and Company cannot guarantee permanent security or continuous availability.

Deletion or Return of Data: Upon expiration, termination, or cancellation of the Services, or upon request by Customer, Company shall, to the extent technically feasible, either (i) return Customer Data to Customer in a mutually agreed-upon standard format, or (ii) delete Customer Data from active systems. Deletion from backup or archival systems may take additional time and may occur in accordance with Company's data lifecycle policies.

Exceptions to Deletion: Notwithstanding the foregoing, Company may retain Customer Data to the extent necessary to:

• comply with applicable laws, regulations, or legal obligations;
• maintain records for tax, accounting, or auditing purposes;
• protect Company's or third-party rights, property, or legal interests;
• resolve disputes, enforce agreements, or investigate fraud or security incidents;
• fulfill legitimate business purposes consistent with applicable law.

Customer Responsibility: Customer is solely responsible for ensuring that Customer Data submitted to or processed through the Services complies with applicable retention requirements and for obtaining any necessary consents from end users, leads, or other individuals regarding retention, storage, and deletion.

Third-Party Integrations: Customer acknowledges that, in connection with CRM platforms, IDX/MLS feeds, advertising networks, AI systems, SMS providers, analytics tools, or other third-party integrations, copies of Customer Data may be retained or processed by such third parties. Company disclaims liability for retention, deletion, or processing practices of third parties and Customer assumes all responsibility for ensuring compliance with applicable laws and policies.

Limitation of Liability: To the fullest extent permitted by law, Company shall not be liable for any claims, damages, or losses arising from the retention, destruction, loss, or corruption of Customer Data, including any consequences of delayed deletion, technical limitations, backup restoration, or actions by third parties.

Survival: The provisions of this section shall survive any termination or expiration of the Services, this Policy, or any agreement between Customer and Company.

8. DATA SECURITY

Company implements commercially reasonable administrative, technical, and physical safeguards designed to protect the integrity, confidentiality, and availability of Customer Data. While Company employs industry-standard measures, no system or network is completely secure, and no transmission of data over the Internet or any public or private network can be guaranteed to be error-free, uninterrupted, or fully secure. Customer acknowledges these limitations and agrees that Company shall not be liable for unauthorized access, disclosure, or loss of Customer Data resulting from factors beyond Company's reasonable control, including but not limited to third-party breaches, cyberattacks, or acts of nature. Customer retains ultimate responsibility for its own data protection, including secure storage, access management, and backup procedures.

9. CUSTOMER COMPLIANCE OBLIGATIONS

Customer expressly acknowledges, agrees, and warrants that it is solely responsible for ensuring that all use of the Services, and all collection, submission, processing, storage, transfer, and disclosure of Customer Data, end-user data, or other information through the Services, is conducted in full compliance with all applicable federal, state, and international laws, rules, regulations, and contractual obligations ("Compliance Obligations"). Customer's obligations include, but are not limited to, the following:

9.1 Lawful Data Collection and Processing

Customer shall ensure that all data submitted to or processed through the Services is collected, processed, and transmitted lawfully and in accordance with all applicable privacy, data protection, consumer protection, telecommunication, marketing, and advertising laws, including but not limited to GDPR, UK GDPR, CCPA/CPRA, VCDPA, CDPA, CTDPA, and other applicable regulations. Customer shall obtain all necessary consents, authorizations, notices, or permissions from data subjects prior to collection or processing.

9.2 Accuracy and Completeness of Data

Customer is solely responsible for the accuracy, completeness, and timeliness of any Customer Data or information submitted to the Services. Customer acknowledges that Company relies on Customer to provide accurate, complete, and lawful data and shall have no liability for errors, omissions, or consequences arising from inaccurate or incomplete submissions.

9.3 Third-Party Compliance

Customer shall ensure that any Customer Data shared with or transmitted to third-party service providers integrated with the Services—including but not limited to IDX/MLS platforms, CRM vendors, AI services, advertising networks, analytics platforms, SMS providers, cloud services, or other tools—complies with all applicable laws, contractual obligations, and industry standards. Customer acknowledges that Company has no control over, and expressly disclaims liability for, the actions, omissions, or compliance practices of such third parties.

9.4 Data Security and Safeguards

Customer shall implement commercially reasonable administrative, technical, and organizational measures to protect all Customer Data submitted to or processed through the Services, including sensitive or special category data, from unauthorized access, disclosure, alteration, loss, or destruction. Customer acknowledges that no system is entirely secure, and Customer assumes all risk associated with its own and third-party processing activities.

9.5 Regulatory and Contractual Compliance

Customer shall ensure that all processing of Customer Data through the Services, including marketing campaigns, SMS communications, AI-driven outputs, IDX integrations, CRM workflows, advertising, and analytics, complies with:

• Applicable data protection and privacy laws;
• Telecommunication, spam, and marketing regulations;
• IDX, MLS, or other licensing and contractual requirements; and
• Any industry standards or best practices relevant to Customer's business operations.

9.6 Monitoring and Enforcement

Customer shall maintain appropriate policies, procedures, and recordkeeping practices to demonstrate compliance with all obligations described herein. Customer is solely responsible for responding to data subject requests, audit inquiries, regulatory investigations, or legal claims arising from its use of the Services or the processing of Customer Data. Company may provide reasonable technical assistance, but ultimate responsibility for compliance rests with Customer.

9.7 Liability, Indemnification, and Risk Assumption

Customer acknowledges and agrees that Company shall have no liability for fines, penalties, claims, or damages arising from Customer's failure to comply with applicable laws, regulations, or contractual obligations. Customer agrees to defend, indemnify, and hold harmless Company, its affiliates, officers, directors, employees, and agents from and against any claims, liabilities, losses, costs, or expenses (including attorneys' fees) resulting from or related to Customer's failure to comply with its Compliance Obligations.

9.8 Survival

The obligations set forth in this section shall survive any termination, suspension, or expiration of the Services or any agreement between Customer and Company and shall continue to apply with respect to all Customer Data collected, processed, stored, transmitted, or otherwise handled through the Services.

10. GDPR COMPLIANCE

10.1 Scope and Roles

To the extent the Services involve the processing of personal data of individuals located in the European Union (EU), the European Economic Area (EEA), or the United Kingdom (UK) ("EU Data Subjects"), Customer acknowledges and agrees that:

10.2 Legal Bases for Processing

Customer represents and warrants that it has a valid legal basis for all personal data submitted or processed through the Services. Such legal bases may include, without limitation:

• Consent of the data subject
• Performance of a contract with the data subject
• Compliance with legal obligations
• Legitimate interests pursued by Customer, provided that such interests do not override the fundamental rights of the data subject
• Protection of vital interests or public interest where applicable

Company relies exclusively on the documented instructions of Customer and assumes no responsibility for the legal sufficiency of the Customer's chosen legal basis.

10.3 Data Subject Rights

Company shall, to the extent reasonably possible, assist Customer in fulfilling its obligations under GDPR to respond to requests from data subjects regarding:

• Access to their personal data
• Rectification of inaccurate or incomplete personal data
• Erasure ("right to be forgotten")
• Restriction of processing
• Data portability
• Objection to processing
• Withdrawal of consent, where processing is consent-based

Customer acknowledges that Company may require reasonable verification of identity and that Company is not liable for any consequences arising from incomplete or fraudulent requests.

10.4 Subprocessors

10.5 Security of Processing

Company implements appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, including but not limited to:

• Pseudonymization and encryption of personal data
• Ongoing confidentiality, integrity, availability, and resilience of processing systems
• Regular testing and evaluation of security measures
• Ability to restore data following physical or technical incidents

Company does not guarantee absolute security and Customer acknowledges inherent risks of digital processing.

10.6 Data Breach Notification

In the event of a confirmed personal data breach affecting Customer Data, Company shall notify Customer without undue delay after becoming aware of the breach. Notification may include:

• Nature and scope of the breach
• Categories and approximate number of affected data subjects
• Potential consequences of the breach
• Measures taken or proposed to mitigate the breach

Customer retains responsibility for fulfilling any regulatory notification obligations to supervisory authorities and affected data subjects.

10.7 International Transfers

Customer acknowledges that Customer Data may be transferred to, processed, or stored in countries outside the EU/EEA/UK. Company shall implement appropriate safeguards for such transfers, including without limitation:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding corporate rules where applicable
• Other legally recognized transfer mechanisms

Customer consents to such transfers and acknowledges that Company is not responsible for changes in local law affecting the processing of data post-transfer.

10.8 Deletion and Return of Data

Upon termination of Services, Company shall, at Customer's choice:

• Delete all Customer Data, or
• Return all Customer Data in a mutually agreed format

unless retention is required by law or regulation, in which case Company shall segregate and protect retained data.

10.9 Limitation of Liability and Indemnification

Company shall not be liable for:

• Customer's failure to obtain consent or comply with GDPR obligations
• Regulatory fines or penalties imposed on Customer
• Misuse of Customer Data by Customer, end users, or third-party integrations

Customer agrees to indemnify and hold Company harmless from all claims, damages, or regulatory actions arising from Customer's noncompliance with GDPR or related data protection laws.

11. CALIFORNIA PRIVACY RIGHTS

If you are a resident of California, you may have certain rights under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable state privacy laws (collectively, "California Privacy Laws"). These rights are in addition to any rights you may have under other sections of this Policy.

11.1 Information We Collect and Disclose

Under California Privacy Laws, you have the right to request information regarding the categories of personal information we collect, process, and disclose about you, including:

• categories of personal information collected;
• sources from which personal information is collected;
• purposes for which personal information is collected and used;
• categories of third parties with whom personal information is shared; and
• specific pieces of personal information we have collected about you.

11.2 Access, Correction, and Deletion Rights

California residents may request to:

• access the personal information we have collected about them;
• obtain a copy of specific personal information in a portable and readily usable format;
• request correction of inaccurate, incomplete, or outdated personal information; and
• request deletion of personal information we have collected, subject to applicable exceptions (including legal obligations, fraud prevention, or legitimate business purposes).

11.3 Opt-Out of Sale or Sharing

Although Company does not sell personal information for monetary consideration, under California Privacy Laws, "sale" or "sharing" may be broadly interpreted to include certain disclosures to third parties for business purposes. California residents have the right to opt out of such disclosures. Requests to opt out may be submitted in accordance with the instructions provided below.

11.4 Methods for Exercising California Privacy Rights

California residents may exercise these rights by:

• contacting Company at [Insert Contact Information];
• submitting a verifiable request, including sufficient information to allow Company to verify your identity;
• using any online request portal, email address, or toll-free telephone number provided for this purpose.

Company may require verification of your identity and may request additional information to fulfill your request. Company will respond within the timeframe required under applicable law.

11.5 Non-Discrimination

Company will not discriminate against you for exercising any of your California Privacy Rights, including by denying services, charging different prices, or providing a different level or quality of service, except as permitted under California Privacy Laws.

11.6 Third-Party Disclosures

California residents acknowledge that, in connection with the Services, personal information may be disclosed to third-party service providers, advertising platforms, IDX/MLS systems, AI services, analytics providers, CRM platforms, or other integrations. Company disclaims liability for the acts, omissions, or compliance practices of such third parties and Customer assumes responsibility for ensuring that any such disclosures comply with applicable laws and obtain any required consents.

11.7 Limitations and Exceptions

Certain rights under California Privacy Laws may be limited or unavailable, including but not limited to:

• personal information collected before the applicability of the law;
• information necessary to complete a transaction or fulfill a contract;
• information required to detect or prevent fraud or illegal activity;
• information subject to other legal or regulatory obligations.

11.8 Updates to Rights and Requests

Company may update procedures or contact information for exercising California Privacy Rights at any time, and such updates will be reflected in this Policy. Customers are responsible for reviewing this Policy periodically to remain informed of changes.

12. OTHER U.S. STATE LAWS

In addition to California-specific rights, the Services and Company operations may be subject to, and Customer acknowledges and agrees to comply with, other applicable state-level privacy, consumer protection, marketing, or data protection laws in the United States ("State Privacy Laws"), including but not limited to laws enacted in Virginia (VCDPA), Colorado (CDPA), Connecticut (CTDPA), Utah, and any other state with applicable data protection or privacy legislation.

12.1 Compliance Responsibility

Customer is solely responsible for ensuring that its use of the Services, including collection, processing, storage, sharing, or transmission of personal information, marketing campaigns, communications, CRM operations, IDX integrations, AI-driven outputs, SMS, email, or push notifications, complies with all applicable State Privacy Laws. Customer represents and warrants that it has obtained all necessary consents, notices, and authorizations required by law and has implemented all required procedures to satisfy such laws.

12.2 Rights Under State Laws

Depending on the jurisdiction of Customer or end users, individuals may have certain rights under State Privacy Laws, including but not limited to:

• the right to access personal information collected about them;
• the right to correct inaccurate, incomplete, or outdated personal information;
• the right to request deletion or restriction of processing of personal information;
• the right to opt out of the sale or sharing of personal information;
• the right to receive a copy of any disclosures made to third parties; and
• the right to submit verifiable requests to exercise these rights.

Customer assumes full responsibility for implementing procedures to facilitate such rights and for responding to requests in accordance with the law. Company may provide reasonable technical assistance, but Company does not assume responsibility for the timeliness, completeness, or accuracy of Customer's compliance efforts.

12.3 Third-Party Disclosures

Customer acknowledges that personal information may be disclosed to third-party service providers, including but not limited to IDX/MLS platforms, CRM vendors, advertising networks, AI service providers, analytics platforms, and SMS/communications providers. Customer assumes full responsibility for ensuring that any such disclosures comply with applicable State Privacy Laws and that all required contractual, consent, or notice obligations are satisfied. Company expressly disclaims liability for the actions, omissions, or compliance of third parties.

12.4 Data Security and Risk Allocation

Customer is solely responsible for implementing reasonable administrative, technical, and organizational measures to protect personal information in accordance with applicable State Privacy Laws. Company employs commercially reasonable safeguards; however, no system is completely secure, and Company shall not be liable for unauthorized access, disclosure, loss, or corruption of data, including through third-party services.

12.5 Liability Limitation and Indemnification

To the fullest extent permitted by law, Company shall have no liability for fines, penalties, claims, or damages arising from Customer's or third-party failure to comply with any State Privacy Laws. Customer agrees to indemnify, defend, and hold harmless Company from and against any such claims, liabilities, or regulatory actions resulting from or related to Customer's or third-party processing of personal information, marketing campaigns, communications, IDX integrations, CRM usage, or AI-generated outputs.

12.6 Updates and Changes to Laws

Customer acknowledges that State Privacy Laws are evolving and may impose additional obligations over time. Customer is responsible for monitoring legal developments and ensuring ongoing compliance with all applicable state, federal, and local regulations. Company may, at its discretion, update its Policies to reflect changes in applicable laws, but ultimate compliance responsibility rests with Customer.

12.7 Survival

The provisions of this section shall survive any termination, suspension, or expiration of the Services, this Policy, or any agreements between Customer and Company, and shall remain in full force and effect for all personal information collected, processed, stored, or transmitted through the Services.

13. DATA PROCESSING ADDENDUM (DPA)

13.1 Scope

This DPA applies where Company processes personal data on behalf of Customer.

13.2 Instructions

Company shall process data only on documented instructions from Customer, except as required by law.

13.3 Confidentiality

Company personnel are subject to confidentiality obligations.

13.4 Security Measures

Company implements reasonable technical and organizational safeguards.

13.5 Subprocessors

Company may engage subprocessors and remains responsible for their performance.

13.6 Data Subject Requests

Company shall assist Customer in responding to requests where required.

13.7 Data Breach

Company shall notify Customer of confirmed data breaches as required by law.

13.8 Deletion or Return

Upon termination, Company may delete or return data at its discretion, unless retention is required.

14. INTERNATIONAL TRANSFERS

Customer acknowledges and agrees that, in connection with the provision of the Services, Company may collect, process, store, and transfer personal information, Customer Data, or other information to jurisdictions outside of the country in which the Customer or data subject resides ("International Transfers"). Such transfers may include, without limitation, transfers to servers, service providers, subsidiaries, affiliates, cloud providers, AI platforms, CRM systems, IDX integrations, advertising networks, analytics platforms, or SMS and communication providers located in the United States or other countries.

14.1 Compliance with Applicable Law

Customer acknowledges that International Transfers may implicate various data protection and privacy laws, including but not limited to the General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other international, federal, or state data protection regulations. Customer assumes full responsibility for ensuring that any such transfers, processing, or storage of personal information complies with all applicable laws, including the implementation of any required safeguards, contractual clauses, or consent mechanisms.

14.2 Mechanisms for Lawful Transfers

Company may, in its sole discretion, rely on one or more lawful mechanisms for International Transfers, including but not limited to:

• Standard contractual clauses approved by the European Commission or other competent authorities;
• Binding corporate rules;
• Adequacy determinations issued by competent regulatory authorities;
• Explicit consent obtained by Customer from data subjects; or
• Other mechanisms permitted under applicable law.

Customer acknowledges that Company makes reasonable efforts to implement such mechanisms where applicable but cannot guarantee compliance by third parties, regulators, or data recipients. Customer is responsible for ensuring that any personal information submitted or transmitted through the Services is processed in accordance with applicable law.

14.3 Third-Party Transfers

Customer acknowledges that International Transfers may involve third-party service providers, including cloud providers, CRM platforms, IDX/MLS systems, advertising networks, AI platforms, analytics providers, and SMS or communications providers. Company expressly disclaims any liability for the actions, omissions, or compliance practices of such third parties with respect to International Transfers. Customer assumes all risk and responsibility for such third-party transfers, including obtaining any necessary consents, implementing appropriate safeguards, and complying with applicable laws.

14.4 Risk Allocation

Customer acknowledges that International Transfers may involve risks, including but not limited to differences in legal protections, regulatory enforcement, privacy standards, and technical security measures. Customer assumes all risk associated with such transfers, and Company shall not be liable for any loss, unauthorized access, disclosure, or breach of data occurring during or resulting from International Transfers.

14.5 Recordkeeping and Documentation

Customer is responsible for maintaining any required records, documentation, or notices related to International Transfers, including contracts, consents, or legal authorizations, to demonstrate compliance with applicable data protection and privacy laws. Company may provide reasonable technical or administrative support for recordkeeping, but ultimate responsibility rests with Customer.

14.6 Survival

The provisions of this section shall survive any termination, suspension, or expiration of the Services, this Policy, or any agreement between Customer and Company and shall remain in full force and effect with respect to all personal information transferred internationally during the term of the Services.

15. AI AND AUTOMATED DECISION-MAKING

Company may utilize artificial intelligence, machine learning, and other automated technologies, whether proprietary or integrated from third parties, to analyze, process, and interpret data, including without limitation:

• analyzing behavior, activity, or interaction patterns of users, leads, or other entities;
• generating, suggesting, or modifying content, communications, recommendations, or outputs;
• providing predictive, prescriptive, or personalized recommendations, insights, or guidance to Customer or end users;
• performing automated decision-making or scoring in connection with Customer-directed campaigns, CRM workflows, or other Services.

Customer acknowledges and agrees that:

• AI and automated processing are inherently probabilistic and may produce outputs that are inaccurate, incomplete, misleading, biased, outdated, or otherwise erroneous;
• Company makes no representations or warranties regarding the accuracy, reliability, suitability, legality, or compliance of any AI-generated or automated outputs;
• Customer is solely responsible for reviewing, validating, and applying any AI-generated or automated outputs and for ensuring that their use complies with all applicable laws, regulations, industry standards, and internal policies;
• Company shall have no liability, responsibility, or obligation, whether direct, indirect, incidental, consequential, or punitive, for any decision, action, or inaction taken by Customer, end users, or third parties that relies on AI-generated outputs or automated recommendations;
• Customer assumes all risks arising from or relating to the use of AI or automated processing, including without limitation reliance on outputs in marketing campaigns, real estate transactions, communications, or content generation.

Nothing in this section shall be interpreted to impose a duty on Company to monitor, verify, correct, or validate AI outputs or automated decision-making results, and all such obligations remain the sole responsibility of Customer.

16. THIRD-PARTY SERVICES AND INTEGRATIONS

The Services may include or provide access to links, references, integrations, widgets, APIs, platforms, tools, software components, or other connectivity to third-party websites, services, applications, or providers (collectively, "Third-Party Services"). Such Third-Party Services may be made available for convenience, functionality, interoperability, or performance of the Services, including but not limited to IDX feeds, multiple listing services (MLS), advertising platforms, marketing automation tools, analytics providers, communication services, AI or automated content providers, and other third-party platforms or integrations.

Customer expressly acknowledges, understands, and agrees that:

No Control or Endorsement: Company does not control, operate, manage, or monitor Third-Party Services, and Company expressly disclaims any representations, warranties, or guarantees regarding the availability, accuracy, legality, compliance, security, functionality, reliability, content, privacy practices, or performance of any Third-Party Service. Company does not endorse, sponsor, or approve any Third-Party Service, and inclusion of links, integrations, or references does not constitute an endorsement or recommendation.

Assumption of Risk: Customer assumes all risk, responsibility, and liability arising from or relating to any use, interaction, access, reliance, or integration with Third-Party Services, including without limitation any data transmission, processing, or sharing that occurs in connection with such Third-Party Services. Customer further acknowledges that Company is not responsible for any loss, damage, interruption, error, unauthorized access, misappropriation, or violation of applicable law resulting from use of Third-Party Services.

Compliance Responsibility: Customer is solely responsible for reviewing, understanding, and complying with all terms of service, privacy policies, end-user license agreements, contractual obligations, and legal requirements imposed by Third-Party Services, including those governing the collection, processing, storage, or sharing of personal information.

Integration Disclaimer: Company may, at its discretion, provide technical, functional, or operational integrations with Third-Party Services, including but not limited to APIs, IDX feeds, advertising platforms, AI services, or marketing automation tools. Such integrations do not create any obligation, duty, or liability for Company with respect to the security, compliance, content, performance, or outputs of any Third-Party Service.

Data Transmission and Processing: Any data transmitted to or received from Third-Party Services remains subject to Customer's obligations under this Policy and all applicable law. Company makes no representation or warranty that such third parties will comply with any privacy, security, or regulatory requirements, and Customer is responsible for ensuring compliance with all applicable laws, including but not limited to GDPR, CCPA, CPRA, TCPA, and other international, federal, or state regulations.

No Agency or Partnership: Nothing in this section shall be interpreted or construed to create any partnership, joint venture, fiduciary relationship, agency, or employment relationship between Company and any Third-Party Service provider. Company does not assume any obligation, liability, or duty of care with respect to the operations or practices of third parties.

Liability Limitation: Customer acknowledges that Company shall have no liability whatsoever for the acts, omissions, or conduct of Third-Party Services, including any errors, failures, breaches, misuse, misrepresentations, or regulatory noncompliance arising from such services. Customer assumes all risks associated with engaging, integrating, or relying upon Third-Party Services.

Data Collection by Third Parties: Customer acknowledges that interaction with Third-Party Services may result in the collection, storage, processing, or sharing of personal information in accordance with the privacy policies, practices, or terms of such third parties. Customer assumes all responsibility for obtaining necessary consents, providing appropriate disclosures, and ensuring legal compliance with respect to such data.

17. DO NOT TRACK (DNT)

The Services do not actively respond to or honor "Do Not Track" ("DNT") signals, browser settings, or other similar mechanisms or communications designed to indicate a preference not to be tracked online. Customer acknowledges and agrees that the absence of a response to such signals is consistent with industry-standard practices and applicable law, including without limitation regulations concerning behavioral advertising, analytics, and marketing automation.

Customer further acknowledges that:

• Company may continue to collect, process, or analyze data from website visitors, end users, or other individuals, regardless of the presence or absence of a DNT signal;
• Third-party service providers, including but not limited to advertising platforms, analytics vendors, IDX providers, CRM integrations, AI tools, and messaging platforms, may independently track or process data in ways that are outside Company's control and may not respond to DNT signals;
• Company disclaims any liability or responsibility for the data collection, use, or tracking practices of third-party service providers, including any failure to honor DNT signals;
• Customer assumes all responsibility and liability for ensuring that its use of the Services, including Customer-controlled websites, CRM systems, marketing campaigns, or automated communications, complies with all applicable laws and regulations regarding user tracking, behavioral profiling, and privacy preferences;
• Nothing in this section shall be construed as creating an obligation for Company to monitor, modify, or restrict the tracking or data collection practices of third parties or Customer-operated systems.

Customer acknowledges that by using the Services, it expressly consents to the collection, processing, and use of information in accordance with this Policy, notwithstanding any DNT or similar browser-based signals.

18. CHILDREN'S PRIVACY

The Services are not intended for children under the age of thirteen (13), or, where higher age thresholds apply under applicable law (including, without limitation, the European Union, United Kingdom, or other jurisdictions), for minors below the age required to lawfully consent to the processing of their personal data ("Children").

18.1 Collection from Children Prohibited

Customer represents and warrants that it will not knowingly submit, upload, transmit, or process any personal information of Children through the Services. Company does not knowingly collect, process, or store personal information from Children.

18.2 Parental Consent

If, notwithstanding the foregoing, Company becomes aware that personal information has been provided by or about a Child, Company shall take commercially reasonable steps to delete such information immediately. Customer is responsible for obtaining all necessary parental or guardian consents for any data collection, processing, or marketing activities involving Children, including but not limited to:

• creating accounts, profiles, or registrations
• submitting information to CRM or lead systems
• receiving automated marketing or communications
• interacting with IDX-enabled property search tools
• engaging with AI-generated content or recommendations

18.3 Marketing and Communication Restrictions

Customer and Company shall not send marketing, promotional, or automated communications to Children. All SMS, email, push notifications, and other communications must comply with age-appropriate laws and parental consent requirements. Customer assumes full liability for any violations.

18.4 Third-Party Services

Customer acknowledges that Company may utilize third-party providers (including IDX feeds, ad networks, SMS platforms, analytics, and AI systems). Company is not responsible for the practices or compliance of such third parties regarding Children's data. Customer assumes all responsibility for ensuring that third parties comply with applicable children's privacy laws.

18.5 Regulatory Compliance

Customer agrees to comply with all applicable laws regarding the protection of children's personal information, including but not limited to:

• the Children's Online Privacy Protection Act (COPPA) in the United States
• GDPR and UK GDPR requirements for minors (including Article 8 GDPR regarding parental consent)
• any state-specific children's privacy laws
• international equivalents as applicable

Company expressly disclaims liability for any failure by Customer or any third party to comply with applicable children's privacy requirements. Customer shall indemnify and hold harmless Company from any claims, fines, penalties, or damages arising from violations involving Children's data.

18.6 Data Deletion and Parental Requests

In the event Company is notified that personal information of a Child has been collected, Company will, to the extent technically feasible, delete such data promptly. Customer shall cooperate fully with Company to identify, remove, or correct any such data and to comply with parental or legal requests regarding Children.

18.7 Limitation of Liability

To the fullest extent permitted by law, Company shall not be liable for any actual or alleged unauthorized collection, use, or disclosure of Children's information, including any actions taken by Customer, end users, or third-party service providers. Customer assumes all risk and liability associated with Children's data.

19. CHANGES TO THIS POLICY

Company reserves the right, at its sole discretion, to modify, amend, update, or revise this Policy, including any terms, conditions, provisions, or practices relating to the collection, processing, storage, retention, sharing, or transfer of personal information, Customer Data, or any other information, at any time and without prior notice, except as may be required by applicable law. Such modifications may include, but are not limited to, updates necessitated by changes in applicable laws, regulations, industry standards, security requirements, business operations, technological developments, or integration with third-party services, including IDX/MLS systems, CRM platforms, advertising networks, AI services, SMS providers, analytics platforms, and cloud infrastructure.

Customer acknowledges and agrees that continued access to or use of the Services after any modification, amendment, or update constitutes Customer's express acceptance of the updated Policy. Company may, at its discretion, provide notice of material changes through electronic communication, email, in-product notification, or posting on the Company website; however, Company shall have no liability for any failure of Customer or end users to receive such notice or to review the updated Policy.

Customer is responsible for reviewing the Policy periodically to ensure ongoing awareness of its terms and obligations, including any changes affecting:

• Collection, processing, storage, or transfer of personal information;
• Customer rights and obligations under applicable privacy or data protection laws, including GDPR, UK GDPR, CCPA/CPRA, VCDPA, CDPA, CTDPA, and other federal, state, or international laws;
• Third-party integrations, APIs, CRM systems, IDX/MLS feeds, AI-generated outputs, advertising, SMS, and other marketing communications; and
• Security measures, retention, deletion, and risk management practices.

Any failure by Customer to comply with the terms of this Policy, as amended or updated, may result in suspension, restriction, or termination of access to the Services, in addition to any other remedies available at law or in equity. The provisions of this section shall survive any expiration, termination, or cancellation of the Services or any agreement between Customer and Company.

20. GOVERNING LAW

This Policy, including all rights, obligations, and liabilities arising hereunder, shall be governed by, construed, and enforced in accordance with the laws of the State of Florida, United States of America, without regard to any conflict of laws principles that would require the application of the laws of another jurisdiction.

Any claim, dispute, or controversy arising out of or relating to this Policy, the Services, the interpretation, enforcement, or breach thereof, or any transaction contemplated hereby, including claims arising under federal, state, or local law, shall be brought exclusively in the state or federal courts located in [insert county], Florida, and Customer and Company irrevocably submit to the exclusive personal jurisdiction and venue of such courts and waive any objection to jurisdiction or venue therein, including without limitation any objection based on forum non conveniens.

The parties expressly agree that any statute or regulation providing for the application of the law of another jurisdiction shall not apply to any dispute arising under this Policy. In the event any provision of this Policy is found to be invalid, illegal, or unenforceable under applicable law, such provision shall be enforced to the maximum extent permissible and the remaining provisions shall remain in full force and effect.

Nothing in this section shall be interpreted to limit Company's right, at its sole discretion, to seek injunctive or equitable relief in any jurisdiction to protect its intellectual property, confidential information, or proprietary rights.

This Governing Law and Jurisdiction section shall survive termination or expiration of this Policy, the Services, or any agreement between Customer and Company.

21. CONTACT

PromotePlus.ai
1217 E Cape Coral PKY
Suite #94
Cape Coral, FL 33904
legal@PromotePlus.ai