ONLINE CUSTOMER LICENSE AGREEMENT

‍SENSEON ONLINE CUSTOMER LICENSE AGREEMENT (UK) (OCLA).

1. This SenseOn Online Customer Licence Agreement (UK) (the “OCLA”) is between:
   
   1. SenseOn Tech Ltd (company number 11032394) whose registered office is at 8 St. James’s Square, St James’s, London, England, SW1Y 4JU (“SenseOn”, “we”, “us”); and
   2. the organisation that (a) signs an Order Form referencing this OCLA, and/or (b) creates an account for, accesses or uses the Software (the “Customer”, “you”).
   3. If you accept this OCLA on behalf of a company or other legal entity, you represent that you have authority to bind that entity. If you do not have such authority, do not accept this OCLA.
2. DEFINITIONS AND INTERPRETATION
   
   1. Definitions. In this OCLA:

“AI-Closed Investigation” means an investigation that Resolve AI completes and closes without any human analyst intervention. Investigations escalated to a human analyst are not AI-Closed Investigations.

“Annual FIC Commitment” means the number of FIC committed for a 12-month subscription period, as stated in the Order Form (or the pro-rated equivalent for non-annual periods).

“Affiliate” means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with a party. “Control” means ownership of more than 50% of the voting interests or the ability to direct management.

“Authorised Users” means individuals permitted by Customer to access and use the Software under Customer’s account (including employees, contractors and consultants).

“Billable GB” means a decimal gigabyte measured from bytes, where 1 GB equals 1,000,000,000 bytes, calculated on a logical (uncompressed) basis after decode/decompression.

“Committed Tier” means the tier stated in the Order Form for the Subscription Term; the unit price per FIC is defined in the Order Form and remains fixed for the term unless the parties agree a documented upgrade.

“Customer Data” means data, content, logs, telemetry and other information submitted to, collected by, or processed within the Software from Customer’s systems or by Authorised Users, including data that may include Personal Data.

Data Protection Laws” means all applicable laws and regulations relating to privacy or data protection, including (where applicable) the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (as amended and replaced from time to time).

DPA” means Schedule DP (Data Processing Addendum (UK)) to this OCLA, which governs Processing of Personal Data where SenseOn acts as Processor.

“Daily Allowance” means the daily limit on FIC usage calculated by dividing the total remaining Annual FIC Commitment by the number of remaining days in the applicable subscription year.

“Documentation” means user guides and technical documentation made available by SenseOn for the Software (for example at docs.senseon.io or a successor location).

“Edge Processing Volume” means Billable GB entering SenseOn Edge Processing (where used) prior to filtering/pruning and prior to tagging into pipelines.

“Extra Usage Credits” means incremental credits charged for usage above the Daily Allowance after the Incident Relief Period, calculated per day.

“Fees” means the fees and other amounts payable for a Subscription (and any SenseOn‑delivered services, if applicable), as set out in the applicable Order Form or (where a Partner is Seller of Record) the applicable Partner Contract.

Platform Fees means the Fees payable for the Software subscription (including any subscription entitlements/add-ons expressly stated in an Order Form or Partner Contract), excluding VAT and other applicable taxes. References in any Order Form or Partner-to-Customer contract to “Platform Fees” are references to Fees.

“FIC” or “Flex Intelligence Credits” means the unit used by SenseOn to measure and price certain usage of the Software, as described in the FIC Schedule and the applicable Order Form.

“FIC Schedule” means the SenseOn FIC Commercial Mechanics Schedule (UK) incorporated by reference or attachment into an Order Form or Partner-to-Customer contract, which defines the metering, consumption and billing mechanics for FIC and prevails for FIC mechanics for the relevant Subscription Term.

“Incident Relief Period” means the period during which Customer may exceed the Daily Allowance for up to five (5) consecutive days without incurring Extra Usage Credits.

“Pipeline Volume” means Billable GB entering a named pipeline after Edge Processing and tagging.

“Resolve AI Credits” means credits charged for AI-Closed Investigations at the conversion rate stated in the Order Form (credits per AI-Closed Investigation).

“Universal Sensor Telemetry” is telemetry from SenseOn’s Universal Sensor which consists of Endpoint Detection and Response, Endpoint Protection Platform and Endpoint Network Detection and Response (ENDR) components of our Universal Sensor and is billed based on the Detection and Response Pipeline Volume leaving the Universal Sensor into the platform.

“Order Form” means an order form, subscription schedule, checkout confirmation, partner portal order, or other ordering document that (a) identifies the commercial variables for a Subscription and (b) incorporates this OCLA by reference (including by URL and version/date).

“Partner” means an authorised SenseOn partner, reseller, distributor, MSP or MSSP.

“Partner Contract” means the separate agreement between Customer and a Partner governing their commercial relationship (including ordering, pricing, invoicing and payment terms).

“Personal Data” has the meaning given under applicable Data Protection Laws.

“Products” means the Software and Documentation.

“Seller of Record” means the entity that invoices Customer for the Fees for the Subscription (SenseOn or a Partner, as applicable), as stated in the Order Form or Partner Contract.

“Software” means SenseOn’s threat detection and response platform and related software components provided on a hosted/SaaS basis, including any sensors, agents, connectors, integrations and updates that SenseOn makes available as part of the subscription.

“Subscription” means Customer’s right to access and use the Software for the subscription term and scope described in an Order Form (or, for PAYG, a rolling subscription until cancelled).

“Subscription Term” means the duration of a Subscription as stated in an Order Form (or, where PAYG, the billing period on a rolling basis until cancellation).

“SenseOn Trust Centre” means https://trust.senseon.io/ or any successor location notified by SenseOn.

“Trial Subscription” means any free, trial, evaluation or proof‑of‑value access to the Software (or any part of it) provided by SenseOn.

“Usage Statement” means a usage report made available by SenseOn showing Edge Processing Volume, Pipeline Volumes and any Resolve AI consumption for the relevant period.

2. Interpretation. Headings do not affect interpretation. “Including” means “including without limitation”. References to “writing” include email.

3. ACCEPTANCE AND CONTRACT STRUCTURE
   
   1. Acceptance. Customer accepts this OCLA by any of the following:
      
      1. signing an Order Form that references this OCLA;
      2. clicking “I agree” (or similar) when presented with this OCLA; and/or
      3. accessing or using the Software after being given a reasonable opportunity to review this OCLA.
   2. Customer Contract. The “Customer Contract” consists of:
      
      1. this OCLA;
      2. the applicable Order Form(s);
      3. the Flex Intelligence Credits (FIC) Commercial Mechanics Schedule (UK) (the “FIC Schedule”), if referenced or attached in an Order Form or Partner-to-Customer contract; and
      4. any Service Schedule or SenseOn Terms of Service (Partner Transactions) referenced in an Order Form, where applicable.
      5. Acknowledgement of route to market. Customer acknowledges that where a Partner is the Seller of Record: 
         
         1. the Partner is solely responsible for commercial obligations to Customer; and 
         2. SenseOn’s obligations are limited to the provision of the Software and SenseOn-delivered elements in accordance with this OCLA.
   3. Order of precedence (limited by subject-matter). If there is a conflict:
      
      1. the Order Form prevails only for the variables it expressly states (Subscription Term, plan selection, commitment, tier, rate, billing cadence, entitlements and any expressly stated special terms);
      2. the FIC Schedule prevails for FIC metering points, measurement, consumption, Daily Allowance, Incident Relief Period, Extra Usage Credits, tier-lock and usage statement/dispute mechanics for the relevant Subscription Term;
      3. the DPA (Schedule DP) prevails only to the extent the conflict relates to Processing of Personal Data; and
      4. any Service Schedule / Partner Transactions terms prevail only for SenseOn-delivered services, service levels, service credits and service warranties applicable to those services.
      5. For all other matters, this OCLA prevails.
4. ROUTE TO MARKET: PURCHASES VIA PARTNERS
   
   1. Partner commercial wrapper. If Customer purchases through a Partner, Customer’s commercial relationship with the Partner (including ordering, pricing, invoicing and payment terms, and the commercial term) is governed by the Partner Contract. SenseOn is not a party to the Partner Contract and is not responsible for the Partner’s obligations under it.
   2. Commercial claims. Customer agrees that any claim, dispute or liability arising from or relating to pricing, discounts, invoicing, payment terms, tax treatment, refunds, credits or other commercial matters must be pursued solely against the Partner acting as Seller of Record, and not against SenseOn.
   3. OCLA still governs product use. This OCLA governs Customer’s use of the Software and SenseOn’s obligations under the Customer Contract, regardless of whether Customer purchases directly or via a Partner.
   4. No Partner override. To the extent any Partner Contract term purports to impose obligations on SenseOn or vary SenseOn’s obligations under the Customer Contract, that term has no effect as between Customer and SenseOn.
   5. For the avoidance of doubt, any partner programme concepts (including deal motion classification, partner rebates, partner discounts, or “partner of record” attribution) are solely between SenseOn and the relevant partner(s) and do not affect Customer’s rights or obligations under this Agreement.
   6. No authority. Partners are independent contractors and have no authority to make representations, warranties, commitments or guarantees on behalf of SenseOn. SenseOn is not bound by any statement or promise made by a Partner unless expressly agreed in writing by SenseOn.
5. FEES, INVOICING AND TAXES
   
   1. Fees. Customer will pay all Fees to the Seller of Record in accordance with the applicable Order Form (and, where the Seller of Record is a Partner, the Partner Contract governs invoicing and payment mechanics). Where SenseOn is the Seller of Record and the Order Form does not state a payment due date, invoices are payable within thirty (30) days of the invoice date.
   2. Taxes. Fees are exclusive of VAT and any other applicable taxes, levies or duties. Customer is responsible for paying VAT at the applicable rate and any similar taxes (excluding taxes based solely on SenseOn’s net income). If Customer is required by law to withhold or deduct any tax from a payment, Customer will gross‑up the payment so the Seller of Record receives the full amount it would have received absent the withholding, unless prohibited by law.
   3. Disputes. Any good‑faith dispute of an invoice must be notified in writing to the Seller of Record within thirty (30) days of the invoice date, with reasonable detail. Customer will pay all undisputed amounts when due. The parties will work in good faith to resolve any dispute promptly.
   4. Late payment. If Fees are overdue and undisputed, SenseOn may (where permitted) suspend access in accordance with the TERM, SUSPENSION AND TERMINATION section. The Seller of Record may charge statutory interest and reasonable recovery costs under the Late Payment of Commercial Debts (Interest) Act 1998 (as amended) (or equivalent rights where the Seller of Record is a Partner).
   5. No set‑off. Fees must be paid without set‑off, counterclaim or deduction except to the extent required by law.
6. LICENCE GRANT AND USE OF THE SOFTWARE
   
   1. Licence. During the Subscription Term, SenseOn grants Customer a non-exclusive, non-transferable, non-sublicensable right for Authorised Users to access and use the Software for Customer’s internal business purposes, in accordance with the Customer Contract and Documentation.
   2. Affiliates. Customer may permit its Affiliates to use the Software only if (a) they do so under Customer’s account and control, and (b) Customer remains responsible for their compliance with the Customer Contract.
   3. Updates. SenseOn may provide updates, enhancements, new releases, features or improvements to the Software from time to time. Some updates may be required for security, reliability, legal compliance or performance reasons.
7. TRIAL SUBSCRIPTIONS AND PROOFS OF VALUE
   
   1. Evaluation only. If SenseOn provides a Trial Subscription, Customer may use the Software during the Trial Subscription solely for evaluation/proof‑of‑value and not for production use, unless SenseOn expressly agrees otherwise in writing.
   2. Trial period and termination. The trial period is as stated by SenseOn (or, if not stated, thirty (30) days). Either party may terminate a Trial Subscription at any time by notice.
   3. No warranties/service levels/support. To the maximum extent permitted by law, Trial Subscriptions are provided “as is” and SenseOn disclaims all warranties, service levels, service credits, indemnities and support obligations in respect of Trial Subscriptions, unless expressly stated otherwise in writing.
   4. Trial data. SenseOn may delete Trial data at the end of a Trial Subscription in accordance with its deletion processes and the DPA (Schedule DP) where applicable.
8. RESTRICTIONS AND ACCEPTABLE USE
   
   1. Customer must not (and must not allow any third party to):
      
      1. reverse engineer, decompile or disassemble the Software or attempt to discover its source code, except to the extent permitted by law that cannot be excluded;
      2. copy, modify or create derivative works of the Software or Documentation except as expressly permitted by the Customer Contract;
      3. access or use the Software to build or support a competing product or service;
      4. interfere with or disrupt the integrity or performance of the Software, including by probing, scanning or testing the vulnerability of any SenseOn system except as expressly authorised by SenseOn in writing; or
      5. use the Software in breach of applicable laws (including sanctions/export laws), or to store/transmit unlawful material.
   2. Security testing. If Customer wishes to conduct security testing of the Software, Customer must obtain SenseOn’s prior written approval and follow SenseOn’s responsible disclosure rules (available via the Trust Centre or on request).
9. ACCOUNTS, ADMIN, AND CUSTOMER RESPONSIBILITIES
   
   1. Accounts and admin. Customer is responsible for:
      
      1. maintaining the confidentiality of account credentials;
      2. assigning and managing admin roles and permissions;
      3. ensuring Authorised Users comply with the Customer Contract; and
      4. promptly notifying SenseOn of any unauthorised access.
   2. Customer environment and shared responsibility. Customer acknowledges that cybersecurity is a shared responsibility. Customer is responsible for its own systems, configurations, access controls, user behaviour, third-party tools and backups. The Software and any services form one layer of Customer’s security posture and cannot guarantee prevention of all threats.
   3. Cooperation. SenseOn’s ability to deliver the Software and any SenseOn-delivered services depends on Customer’s reasonable cooperation and provision of accurate information.
10. CUSTOMER DATA, DATA RIGHTS AND PRODUCT IMPROVEMENT
    
    1. Customer Data ownership. As between the parties, Customer retains all right, title and interest in and to Customer Data.
    2. Licence to SenseOn. Customer grants SenseOn and its subcontractors a limited, non-exclusive licence to host, process, transmit and otherwise use Customer Data solely to:
       
       1.  provide  and support the Software and any SenseOn-delivered services;
       2. maintain service security, integrity and resilience; and
       3. comply with applicable law.
    3. Aggregated/anonymous improvements. SenseOn may use de-identified and aggregated information derived from Customer Data for product improvement, analytics, security research, and development, provided it does not identify Customer or any individual.
    4. Customer responsibility for Customer Data. Customer is responsible for the accuracy, quality, integrity, legality, reliability and appropriateness of Customer Data, and for obtaining all rights, permissions and consents necessary for SenseOn to process Customer Data as contemplated by the Customer Contract.
11. FIC METERING AND COMMERCIAL MECHANICS (IF APPLICABLE)
    
    1. Incorporation of FIC Schedule. The Customer Contract may include a FIC Schedule. Where incorporated by reference or attachment in an Order Form or Partner-to-Customer contract, the FIC Schedule forms part of the Customer Contract.
    2. FIC Schedule precedence. If there is a conflict between this OCLA and the FIC Schedule regarding FIC metering, consumption, Extra Usage Credits or tier-lock mechanics, the FIC Schedule prevails for the relevant Subscription Term.
    3. Core definitions. Quoted terms used in this clause (including Billable GB, Edge Processing Volume, Pipeline Volume, Universal Sensor Telemetry, Committed Tier, Daily Allowance, Incident Relief Period and Extra Usage Credits) have the meanings given in clause 1 (Definitions) and the FIC Schedule.
    4. Where FIC applies:
       
       1. “Billable GB” means a decimal gigabyte measured from bytes, where 1 GB equals 1,000,000,000 bytes, calculated on a logical (uncompressed) basis after decode/decompression.
       2. “Edge Processing Volume” means Billable GB entering SenseOn Edge Processing (where used) prior to filtering/pruning and prior to tagging into pipelines.
       3. “Pipeline Volume” means Billable GB entering a named pipeline after Edge Processing and tagging.
       4. “Universal Sensor Telemetry” does not incur an additional Edge Processing charge and is billed on the Detection and Response Pipeline Volume leaving the Universal Sensor into the platform.
       5. “Committed Tier” means the tier stated in the Order Form for the Subscription Term; the unit price per credit is defined in the Order Form and remains fixed for the term unless the parties agree a documented upgrade.
    5. Extra Usage Credits. Where FIC applies:
       
       1. “Daily Allowance”. Customer’s “Daily Allowance” is calculated by pro‑rating the Annual FIC Commitment over the applicable subscription year (365 or 366 days, as applicable).
       2. “Incident Relief Period”. Customer may exceed the Daily Allowance for up to five (5) consecutive days without incurring Extra Usage Credits.
       3. After Incident Relief Period. After the Incident Relief Period, incremental usage above the Daily Allowance accrues daily as Extra Usage Credits and is invoiced in arrears on the cadence stated in the Order Form. SenseOn does not issue daily invoices.
       4. “Tier lock”. Exceeding a higher tier threshold does not entitle Customer to a lower unit price mid‑term; any tier change applies only by documented upgrade or renewal.
    6. Usage statements and disputes. SenseOn will make available usage statements in accordance with the FIC Schedule. Any good-faith dispute must be raised within the dispute window in the FIC Schedule. Undisputed amounts remain payable.
    7. Estimates. Any calculator, forecast, dashboard or estimate is for planning purposes only and does not override the metering counters used to produce usage statements and invoices. In the event of a discrepancy, the usage statement (subject to the dispute process) will be used.
12. DATA PROTECTION 
    
    1. Scope. Each party will comply with applicable Data Protection Laws.
    2. Business contact data. Each party acts as an independent controller in respect of Personal Data relating to the other party’s personnel processed for contract administration.
    3. Customer Data as processor. To the extent SenseOn processes Personal Data within Customer Data on Customer’s behalf to provide the Software and any SenseOn-delivered services, Customer is the controller and SenseOn is the processor, and the DPA at Schedule DP is incorporated into and forms part of the Customer Contract.
    4. Precedence. If there is any conflict between the DPA (Schedule DP) and any other provision of the Customer Contract regarding Processing of Personal Data, the DPA (Schedule DP) prevails to the extent of the conflict.
    5. +Trust Centre. SenseOn’s security measures and sub-processor list are described in the DPA (Schedule DP) and may be maintained via the SenseOn Trust Centre.
13. CONFIDENTIALITY
    
    1. Confidential Information means any information disclosed by a party that is marked confidential or that a reasonable person would understand to be confidential given its nature and the circumstances of disclosure.
    2. Each party must:
       
       1. use the other party’s Confidential Information only as necessary to perform or receive the benefit of the Customer Contract;
       2. keep it confidential; and
       3. protect it using at least the same degree of care it uses to protect its own confidential information of a similar nature, and in any event no less than reasonable care.
    3. Permitted disclosure. A party may disclose Confidential Information to its employees, contractors and professional advisers who need to know it for the permitted purpose, provided they are bound by confidentiality obligations no less protective than this clause.
    4. Compelled disclosure. A party may disclose Confidential Information if required by law or a competent authority, provided (to the extent legally permitted) it gives prompt notice and cooperates with reasonable requests to limit disclosure.
    5. Exclusions. Confidentiality obligations do not apply to information that is public other than through breach, already lawfully known, independently developed, or lawfully received from a third party without breach.
    6. Return/deletion. On termination or expiry, each party will, on request, return or delete the other party’s Confidential Information, subject to legally required retention and routine backup practices.
14. INTELLECTUAL PROPERTY
    
    1. SenseOn IP. As between the parties, SenseOn owns all Intellectual Property Rights in and to the Software, Documentation, and any updates, improvements or derivatives.
    2. Customer IP. As between the parties, Customer owns Customer Data.
    3. Feedback. If Customer provides feedback or suggestions, SenseOn may use them without restriction or obligation, provided it does not disclose Customer’s Confidential Information.
15. WARRANTIES AND DISCLAIMERS
    
    1. SaaS warranty. SenseOn warrants that it will provide the Software with reasonable care and skill. SenseOn may perform maintenance and updates. Planned maintenance may cause temporary unavailability.
    2. Service levels and credits. If the Order Form or a Service Schedule provides service levels and service credits, service credits are Customer’s sole and exclusive monetary remedy for service level failure, except to the extent prohibited by law.
    3. No other warranties. Except as expressly stated, SenseOn excludes all warranties, conditions and terms (whether express or implied) to the maximum extent permitted by law, including any implied warranties of satisfactory quality, fitness for a particular purpose and non-infringement (without prejudice to the IP indemnity below).
    4. Cybersecurity disclaimer. Customer acknowledges that no cybersecurity product or service can guarantee that all threats will be detected, prevented or remediated, or that all loss of data will be avoided.
16. INTELLECTUAL PROPERTY INFRINGEMENT INDEMNITY
    
    1. Indemnity. Subject to clauses 14.3 to 14.7, SenseOn shall defend and indemnify Customer against any third‑party claim that Customer’s use of the Software (and any Documentation supplied by SenseOn) in accordance with the Customer Contract infringes that third party’s Intellectual Property Rights (an “IP Claim”). SenseOn shall pay:
       
       1. damages finally awarded by a court of competent jurisdiction against Customer in respect of an IP Claim; or
       2. settlement sums agreed by SenseOn in writing,
       3. and in each case Customer’s reasonable legal fees and expenses. 
    2. IP remedies. If SenseOn considers that the Software is, or is likely to become, the subject of an IP Claim, SenseOn may at its option and expense:
       
       1. procure for Customer the right to continue using the affected Software;
       2. modify or replace the affected Software so that it becomes non‑infringing, provided that the modified or replacement Software is substantially equivalent in all material respects; or
       3. if neither (a) nor (b) is commercially reasonable, terminate Customer’s rights to use the affected Software and refund to Customer a pro‑rata portion of any prepaid fees actually received by SenseOn for the affected Software for the unused remainder of the then‑current Subscription Term.
    3. Exclusions. SenseOn has no liability under this clause to the extent the IP Claim arises from:
       
       1. use of the Software otherwise than in accordance with the Customer Contract and Documentation;
       2. use of the Software in combination with any hardware, software, systems, networks, data, content or other materials not supplied by SenseOn, except to the extent such combination is expressly permitted by the Documentation or approved in writing by SenseOn and the claim would have arisen irrespective of such combination;
       3. any modification not carried out by, or authorised in writing by, SenseOn;
       4. Customer’s failure to implement within a reasonable time a non‑infringing modification, replacement, workaround or update provided by SenseOn; or
       5. any materials, designs, instructions, content or data provided by Customer or on its behalf.
    4. Conditions. Customer must:
       
       1. notify SenseOn promptly in writing of the IP Claim (any delay relieves SenseOn only to the extent materially prejudiced);
       2. allow SenseOn sole control of the defence and settlement, provided SenseOn shall not settle any IP Claim in a manner that admits fault or imposes any ongoing obligation on Customer (other than cessation of use of the allegedly infringing item) without Customer’s prior written consent (not to be unreasonably withheld or delayed); and
       3. provide reasonable assistance and information at SenseOn’s expense.
       4. Customer conduct. Customer shall not admit liability, compromise or settle an IP Claim without SenseOn’s prior written consent (not to be unreasonably withheld or delayed).
       5. Exclusive remedy. This clause states Customer’s sole and exclusive remedy, and SenseOn’s entire liability, for an IP Claim.
       6. Liability cap. Subject to the “Non‑excludable liability” carve-outs in the Limitation of Liability section, SenseOn’s liability under this clause counts towards the aggregate liability cap, unless the applicable Order Form expressly states otherwise.
17. CUSTOMER INDEMNITY
    
    1. Indemnity. Customer shall defend and indemnify SenseOn against any third‑party claim, proceeding or demand arising out of or relating to: 
       
       1. Customer Data (including any allegation that Customer Data infringes a third party’s rights or violates applicable law), or 
       2. (b) Customer’s use of the Software in breach of the Customer Contract or applicable law.
    2. Conditions. SenseOn will: 
       
       1. notify Customer promptly in writing of the claim (delay relieves Customer only to the extent materially prejudiced); 
       2. allow Customer sole control of the defence and settlement, provided Customer may not settle any claim in a manner that admits fault by SenseOn or imposes any ongoing obligation on SenseOn without SenseOn’s prior written consent (not to be unreasonably withheld or delayed); and 
       3. provide reasonable assistance at Customer’s expense.
18. INSURANCE
    
    1. SenseOn shall, at its own expense, maintain in full force and effect throughout the Term insurance with reputable insurers on commercially reasonable terms and appropriate to the nature and scale of the Products and Services, including:
       
       1. employers’ liability insurance as required by applicable law;
       2. public and product liability insurance;
       3. professional indemnity insurance; and
       4. cyber liability and data protection insurance.
       5. Upon request, SenseOn shall provide the Customer with evidence that the insurance referred to in Clause 7.8 is in place (for example, certificates of insurance).
       6. For convenience, SenseOn may satisfy Clause 8.9 by making the relevant evidence available via SenseOn’s trust and compliance portal at https://trust.senseon.io/ (or any successor location notified by SenseOn).
       7. The maintenance of insurance by SenseOn does not limit or increase SenseOn’s liability under this Agreement, and SenseOn’s liability remains subject to the limitations and exclusions set out in Clause 10.
19. LIMITATION OF LIABILITY
    
    1. Nothing limits or excludes liability for death or personal injury caused by negligence, fraud or any liability that cannot be limited or excluded by law.
    2. Subject to clause 16.1, SenseOn is not liable for indirect or consequential loss or loss of profit, business or goodwill.
    3. Subject to clause 16.1, SenseOn’s aggregate liability arising under or in connection with this agreement is limited to the fees received by SenseOn (or payable to SenseOn) in respect of SenseOn-delivered elements for the twelve (12) months preceding the event giving rise to the claim.
    4. Service credits. Where service credits apply under a Service Schedule or Order Form, they are Customer’s sole and exclusive monetary remedy for the relevant service level failure, except to the extent prohibited by law.
    5. Application. The limitations and exclusions in this clause 16 apply whether liability arises in contract, tort (including negligence), breach of statutory duty, misrepresentation, restitution or otherwise, and regardless of the number of claims.
20. TERM, SUSPENSION AND TERMINATION
    
    1. Term. This OCLA applies from the date it is accepted and continues until terminated in accordance with this clause 16. Each Subscription has its own Subscription Term.
    2. No termination for convenience (fixed term). Except for PAYG Subscriptions (clause 16.3) and Proofs of Value (if applicable), neither party may terminate a fixed-term Subscription for convenience.
    3. PAYG cancellation. Where Customer has a PAYG Subscription, Customer may cancel effective at the end of the then-current billing period by following the cancellation process in the Software account settings or as otherwise notified. Fees accrued up to the end of the billing period remain payable.
    4. Termination for cause. Either party may terminate the Customer Contract (or the affected Subscription) immediately by written notice if the other party:
       
       1. commits a material breach and (if remediable) fails to remedy it within thirty (30) days after written notice; or
       2. becomes insolvent or enters administration, liquidation or similar proceedings.
    5. Suspension. SenseOn may suspend access to the Software (in whole or part) if:
       
       1. Fees are overdue and undisputed (after giving reasonable notice);
       2. Customer’s use materially threatens the security, integrity or availability of the Software; or
       3. Customer is using the Software unlawfully or in material breach of clause 5.
    6. SenseOn will use reasonable efforts to limit suspension to what is necessary and to restore service promptly once the issue is resolved.
21. CONSEQUENCES OF TERMINATION
    
    1. Access. On termination or expiry of a Subscription, Customer’s right to access and use the Software under that Subscription ends.
    2. Fees. All Fees accrued up to the effective date of termination or expiry remain payable and are non-refundable except where expressly stated in the Customer Contract (including clause 13.2(c) or where termination results from SenseOn’s uncured material breach).
    3. Customer Data return/deletion. Customer Data return/deletion is handled in accordance with the DPA (Schedule DP) and SenseOn’s standard data deletion processes, subject to legal retention.
    4. Data export. On Customer’s written request made before termination/expiry or within thirty (30) days after, SenseOn will make Customer Data available for export/download in a commonly used format, subject to: 
       
       1. the DPA (Schedule DP)
       2. payment of all undisputed Fees, and 
       3. SenseOn’s reasonable security requirements.
    5. Survival. Clauses that by their nature should survive (including confidentiality, IP, indemnities, liability, governing law) will survive termination or expiry.
22. CHANGES TO THIS AGREEMENT (VERSION CONTROL)
    
    1. Online terms. This Agreement is published online and may be updated from time to time.
    2. No retroactive changes within a Subscription Term. Unless required to comply with law, address a security or fraud/abuse concern, or as otherwise agreed in writing, any update to this Agreement applies only to:
       
       1. new customers; and
       2. renewals or new Order Forms entered into after the effective date of the update.
    3. Governing version. For an existing Subscription Term, the version/date of this Agreement identified in the applicable Order Form (or, where there is no signed Order Form, the version/date presented at the time of click-through acceptance) will continue to apply for that Subscription Term.
23. COMPLIANCE
    
    1. Laws. Each party will comply with applicable laws in connection with the Customer Contract.
    2. Sanctions/export. Customer must not use or permit use of the Software in breach of sanctions or export control laws.
    3. Usage verification. SenseOn may create and maintain records of Authorised Users, account activity and usage metrics as reasonably necessary to operate the Software, maintain security, provide support, and (where applicable) produce usage statements and invoices. Customer agrees that such records may be used to verify compliance with the Customer Contract.
24. FORCE MAJEURE
    
    1. Neither party is liable for delay or failure to perform obligations (other than payment obligations) due to events beyond its reasonable control. The affected party will notify the other and use reasonable endeavours to mitigate.
25. GENERAL
    
    1. Assignment. Either party may assign the Customer Contract to an Affiliate or to a successor in connection with a merger, acquisition, reorganisation or sale of substantially all assets, provided that the assignee assumes the assigning party’s obligations. Otherwise, neither party may assign without the other’s prior written consent (not to be unreasonably withheld or delayed).
    2. Subcontractors. SenseOn may use subcontractors to perform obligations, but remains responsible for their performance.
    3. Notices. Notices under the Customer Contract must be in writing and delivered by email (or other method agreed in an Order Form) to:
       
       1. for SenseOn: legal@senseon.io (or a successor address notified by SenseOn); and
       2. for Customer: the primary contract or billing contact in the applicable Order Form or account settings.
       3. Notices are deemed received when sent, provided no delivery failure notice is received.
    4. Entire agreement. The Customer Contract constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior agreements and understandings relating to that subject matter.
    5. Severance. If any provision is invalid or unenforceable, the remainder remains in force and the parties will replace the invalid provision with a valid one that most closely reflects the intended commercial effect.
    6. No partnership or agency. Nothing in the Customer Contract creates a partnership, joint venture or agency relationship.
    7. Third party rights. The Customer Contract does not give any third party rights under the Contracts (Rights of Third Parties) Act 1999 except as expressly stated.
    8. Equitable relief. Each party acknowledges that a breach of the other party’s Confidential Information or Intellectual Property Rights may cause irreparable harm for which damages may be an inadequate remedy, and the non‑breaching party may seek injunctive or other equitable relief (without prejudice to any other rights or remedies).
    9. Governing law and jurisdiction. The Customer Contract is governed by the laws of England and Wales and the courts of England and Wales have exclusive jurisdiction.
26. SCHEDULE DP: DATA PROCESSING ADDENDUM (UK)
    
    1. DEFINITIONS
    2. In this Schedule DP, the expressions Controller, Processor, Personal Data, Process, Processing, Personal Data Breach and Special Category Data shall have the meanings given to them in the Data Protection Laws.
    3. Customer Personal Data means Personal Data within Customer Data that SenseOn Processes on behalf of Customer under the Customer Contract.
    4. Sub-processor means any Processor engaged by SenseOn to Process Customer Personal Data.
    5. ICO means the UK Information Commissioner's Office.
27. BUSINESS CONTACT INFORMATION (INDEPENDENT CONTROLLERS)
    
    1. In connection with the Customer Contract, each party may Process Personal Data relating to the other party's personnel, predominantly business contact information such as names, business telephone numbers, business email addresses and job titles (Contact Information).
    2. Each party is responsible for determining the purposes and means of its own Processing of Contact Information. Accordingly, each party acts as an independent Controller in respect of its own Processing of Contact Information and neither party is the Processor of the other nor a joint Controller with the other in respect of such Processing.
    3. Each party will Process Contact Information for the purposes of performing its obligations and receiving the benefits of the other party's obligations under the Customer Contract and reasonable related and ancillary purposes, including maintaining communications between the parties.
    4. Each party shall apply and maintain appropriate technical and organisational measures to protect Contact Information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, and shall retain Contact Information only for so long as is necessary for the purposes of the Processing.
    5. 2.5 Each party shall be solely responsible for informing its own personnel (as data subjects) that their Personal Data may be Processed as described above and of their rights relating thereto.
28. CUSTOMER PERSONAL DATA
    
    1. Roles. To the extent SenseOn Processes Customer Personal Data on behalf of Customer for the purposes of providing the Software and any SenseOn-delivered services, Customer is the Controller and SenseOn is the Processor of such Customer Personal Data.
    2. Details of Processing. The subject matter, duration, nature and purpose of the Processing, the types of Customer Personal Data and categories of data subjects are set out in Annex 1 (Details of Processing).
    3. Instructions.
       
       1. SenseOn shall Process Customer Personal Data only on documented instructions of Customer, including Customer's instruction for SenseOn to Process Customer Personal Data as necessary to provide and support the Software (and any SenseOn-delivered services) in accordance with the Customer Contract and the Documentation.
       2. Customer warrants that its instructions are lawful and do not require SenseOn to Process Customer Personal Data in breach of Data Protection Laws.
       3. SenseOn shall inform Customer if it believes an instruction infringes Data Protection Laws and may suspend the relevant Processing unless and to the extent prohibited by law.
       4. Confidentiality. SenseOn shall ensure that personnel authorised to Process Customer Personal Data are subject to appropriate confidentiality obligations (whether contractual or statutory).
    4. Security measures.
       
       1. SenseOn shall implement and maintain appropriate technical and organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Personal Data, taking account of the nature, scope, context and purposes of Processing and the risks to individuals.
       2. The technical and organisational measures applying to the Software (and any SenseOn-delivered services) are set out in Annex 2 (Security Measures).
       3. The parties acknowledge that Annex 2 may be maintained on the SenseOn Trust Centre. SenseOn may update the Security Measures from time to time to reflect changes to the Software/services or SenseOn's security programme, provided that such updates do not materially reduce the overall level of protection for Customer Personal Data.
       4. On request, SenseOn shall provide Customer with a copy of the Security Measures (or relevant extracts) from the SenseOn Trust Centre.
    5. Sub-processors.
       
       1. Customer provides SenseOn with general authorisation to engage Sub-processors to Process Customer Personal Data, as listed in Annex 3 (Sub-processors).
       2. The parties acknowledge that Annex 3 may be maintained on the SenseOn Trust Centre. SenseOn shall maintain the Sub-processor list with (where available) the identity, location and processing purpose of each Sub-processor.
       3. SenseOn shall provide at least ten (10) days' prior notice of any intended addition or replacement of a Sub-processor by:
          
          1. updating Annex 3 on the SenseOn Trust Centre (including the planned effective date); and
          2. emailing Customer's nominated data protection or contract contact (or, if none is nominated, Customer's primary notice contact).
          3. During the notice period Customer may object to the proposed change on reasonable data protection grounds by written notice to SenseOn.
       4. If Customer objects, the parties shall work in good faith to agree a commercially reasonable alternative (which may include use of an alternative Sub-processor, configuration changes, or a phased transition). If the parties cannot reach agreement before the effective date, Customer may terminate the affected part(s) of the Software/services that require the proposed Sub-processor on written notice, without penalty, and with fees payable only up to the effective termination date for the affected part(s).
       5. Where SenseOn engages a Sub-processor, SenseOn shall enter into a written contract with that Sub-processor imposing data protection obligations that are no less protective than those in this Schedule DP, and SenseOn shall remain responsible for the Sub-processor's performance.
    6. Data subject rights. Taking into account the nature of the Processing, SenseOn shall provide reasonable assistance to enable Customer to respond to requests from data subjects to exercise their rights under Data Protection Laws, to the extent Customer cannot do so through use of the Software/services.
    7. Assistance. Taking into account the nature of the Processing and the information available to SenseOn, SenseOn shall provide reasonable assistance to Customer in relation to Customer's obligations regarding:
       
       1. security of Processing;
       2. notification of Personal Data Breaches to the ICO and/or affected individuals;
       3. data protection impact assessments; and
       4. consultations with the ICO, where required.
    8. Personal Data Breach. SenseOn shall notify Customer without undue delay and in any event within forty-eight (48) hours after becoming aware of a Personal Data Breach affecting Customer Personal Data. Notification may be provided in phases as further information becomes available and shall include available information reasonably required by Customer to comply with its breach notification obligations.
    9. Return or deletion at end of Subscription. On termination or expiry of the Customer Contract (or the relevant Subscription), SenseOn shall, at Customer's written option and subject to applicable law, delete or return Customer Personal Data and delete existing copies. Customer acknowledges that Customer Personal Data stored in backups may not be deleted immediately; where deletion from backups is not feasible immediately, SenseOn shall put such backup data beyond use and delete it in accordance with SenseOn's backup deletion cycle.
    10. Audits and compliance information. SenseOn shall make available to Customer information reasonably necessary to demonstrate compliance with this Schedule DP and shall allow for and contribute to audits/inspections, subject to reasonable notice, confidentiality, and minimisation of disruption. Where practicable, SenseOn may satisfy audit requests by providing relevant independent audit reports, certifications, summaries, and/or materials made available via the SenseOn Trust Centre, together with reasonable written responses, with on-site inspections limited to circumstances where remote review is not sufficient.
    11. International transfers (if applicable). SenseOn shall not transfer Customer Personal Data outside the UK (or permit access to Customer Personal Data from outside the UK) except as necessary to provide the Software/services (including via authorised Sub-processors), as instructed by Customer, or as required by law. Where any transfer constitutes a restricted transfer under UK Data Protection Laws and is not covered by adequacy regulations, the parties shall implement an appropriate safeguard mechanism (such as the UK IDTA or the UK Addendum to the EU SCCs) and any required supplementary measures.
    12. Order of precedence. If there is any conflict between this Schedule DP and any other provision of the Customer Contract regarding the Processing of Customer Personal Data, this Schedule DP shall prevail to the extent of the conflict.
29. ANNEX 1: DETAILS OF PROCESSING
    
    1. Subject matter: provision of the Software and any SenseOn-delivered services; support, maintenance and troubleshooting; security, availability and integrity operations; and related contract administration.
    2. Duration: for the Subscription Term (and any applicable export/transition period) plus any legally required retention and routine backup retention/deletion cycles.
    3. Nature of Processing: hosting, collection, organisation, structuring, storage, retrieval, consultation, use, disclosure by transmission, analysis, and deletion/erasure (as applicable).
    4. Purpose(s): to provide and support the Software/services in accordance with the Customer Contract, including detection/analytics workflows, user administration, customer support, and security.
    5. Types of Personal Data: business contact and account information (e.g., names, email addresses, roles); identifiers (e.g., user IDs, device identifiers, IP addresses); logs, telemetry and event data that may include Personal Data depending on Customer configuration and sources.
    6. Categories of data subjects: Customer's Authorised Users (including employees/contractors) and any individuals whose Personal Data is included in Customer Data or telemetry provided by Customer systems.
    7. Special Category Data: not intended to be processed; Customer will not provide Special Category Data unless strictly necessary and permitted by Data Protection Laws.

30. ANNEX 2: SECURITY MEASURES
31. The technical and organisational measures applicable to the Software/services are maintained via the SenseOn Trust Centre.
32. ANNEX 3: SUB-PROCESSORS
33. The Sub-processor list (including, where available, identity, location and processing purpose) is described in Annex 3 and may be maintained via the SenseOn Trust Centre.

END OF OCLA

‍