1. SaaS Agreement.

This Order is subject to the SaaS Agreement signed between the parties, which is incorporated herein by reference.

2. Services.

The Services provided under this Order include the provision of subscription services provided on Supplier’s online portal and limited online support. Services provided under this Order are limited only to Lookalikes (by HR Signal). This Order and the Services do not include any other SaaS services, content, or other software, unless specifically described within this Order form.

3. Terms and Fees.

This term shall commence on the date the Customer consents (by checking a box in the online Sign-Up form) or is deemed to have consented to the terms and conditions of this Agreement and shall continue for the term of the Trial Period (as per clause 3.1. below).

3.1        Trial Period

The Trial Period, shall be fourteen (14) days commencing on the date the Services are first made available to the Customer for use hereunder, and shall automatically terminate upon expiry of such period, unless the access to Services is terminated early in accordance with this Agreement.

3.2        Fees

The access to Services is granted to the Customer free of charge, for the Trial Period, considering Supplier is willing to allow the Customer to gain a more thorough understanding of the features and capabilities of the Services prior to purchasing a paid subscription.

---

Lookalikes (by HR Signal) Software-as-a-Service Agreement

This Software-as-a-Service Agreement (“SaaS Agreement”) and applicable attachments or orders (“Order”) are the complete agreement regarding transactions under this agreement (together, the “Agreement”) under which Customer may order Services. Orders detail the specifics of transactions, such as charges and a description of the Services.

1. Services.

1. In consideration with the applicable Order, Supplier hereby provides the Services to Customer.
2. “Services” means Supplier’s subscription services made available via the internet as described in an Order. Services include data, documents, or other materials that Supplier provides to Customer (“Materials”).
3. The Services are available only to Authorized Users. “Authorized User” means employees (and any independent contractors performing functions comparable to employees in the ordinary course of business) of Customer and its affiliates who: (a) are authorized by Supplier; (b) are bound by the Agreement; Each authorized user will have their own subscription and is allowed to use the service only through their individual account.
4. Customer may access the Services only to the extent authorized by Supplier. Customer is responsible for its own use of Services. Customer is responsible for its actions and the contents of its transmissions through the Services. Customer is responsible for the compliance of Customer Content with this Agreement, including content uploaded by its users.
5. Customer may not: (a) duplicate, disassemble, reverse engineer, or otherwise reproduce without authorization any portion of the Services; (b) resell direct access to the Services to a third party; (c) scrape, steal, or copy Services without authorization; (d) disclose any performance data relating to the Services; (e) sell or transfer to another third party Services in violation of this Agreement; (f) modify, remove, or deface any logos, trademarks, or copyrights from the Services, or (g) build a product, service, or offering that competes with Supplier or Services.
6. Customer may not use the Services for: (a) defamatory, harassing, abusive, threatening, obscene, hateful, sexist, offensive, or fraudulent content or activity; (b) activity that violates or infringes upon the rights of third parties; (c) activity that violates applicable law; (d) sending viruses, spyware, or similar computer programming routines; (e) discrimination, unfair treatment, or unlawful or improper hiring, firing, suspension, promotion, or treatment of employees, contractors, or associates; or (f) any purposes inconsistent with this Agreement.
7. Customer may not use Services for any purpose regulated under the Fair Credit Reporting Act, including, without limitation, as a factor in (a) establishing an individual’s eligibility for credit or insurance or assessing risks associated with existing credit obligations, (b) evaluating an individual for employment purposes, (c) determining an individual’s eligibility for a license or other benefit that depends on an applicant’s financial responsibility or status, or (d) for any other purposes subject to the Fair Credit Reporting Act.

2. Customer Responsibilities.

1. Customer is hereby provided with limited access to the Services subject to the Agreement. Subject to the terms of the Agreement, Supplier hereby provides to Customer a limited, non-exclusive, non-transferrable (except as explicitly permitted under the assignment provision of the Agreement), revocable-at-any-time (for material breach of this license or the Agreement) license during the term of the applicable Order to access and use the Materials for human resources purposes and no other purpose. Except as otherwise stated in this section, Customer does not obtain any other rights to the Services or Materials.
2. “Customer Content” means all content or information that Customer provides or authorizes access to for the Services. Except as otherwise provided in the Order, Customer hereby grants Supplier a limited, non-exclusive, royalty-free, transferrable, revocable upon the termination of the Agreement license to access, display, store, share, transmit, or otherwise use or process Customer Content to provide or improve the Supplier’s Services. Customer warrants that it has the right and authority to provide Customer Content and that such materials do not infringe the rights of others or violate applicable law.
3. Customer is responsible for obtaining all necessary rights and permissions to enable, and grants such rights and permissions to, Supplier, its affiliates, and their respective contractors and vendors to use, provide, store, and otherwise process Customer Content in the Services. This includes Customer making necessary disclosures and obtaining consent, if required, before providing individuals’ information to Supplier.
4. Customer is responsible for: (a) assessing the suitability of Services for Customer’s intended use; (b) taking necessary actions to order, enable, or use available features appropriate for its use of the Services; and (c) complying with applicable law. Supplier is not a consumer reporting agency.

3. Confidentiality.

1. “Confidential Information” means trade secrets, know-how, proprietary information, formulae, processes, techniques, and information concerning past, present, and future marketing, financial, research, and development activities that may be disclosed, orally or in writing, to each other. Confidential Information excludes information that (a) was previously known to the receiving party without an obligation of confidence; (b) was independently developed by or for the receiving party without the use of Confidential Information; (c) was lawfully acquired by the receiving party from a third party which is not under an obligation of confidence with respect to such information; or (d) is or becomes publicly available through no fault of the receiving party without a breach of the Agreement.
2. Supplier shall maintain the privacy, security, and confidentiality of Confidential Information in accordance with the Agreement and its policies.
3. Customer shall maintain the privacy, security, and confidentiality of Confidential Information and its access to the Services. Customer shall use strong and secure passwords and keep them secure and confidential. Customer shall promptly notify Supplier in the event of a security breach or unauthorized use of their account. Customer is responsible for any damages incurred as a result of the unauthorized use of their account. The Agreement and Services are a valuable trade secret and confidential proprietary property of Supplier. Customer agrees to access and use Supplier’s Services only as provided in this Agreement and to safeguard Supplier’s trade secrets and confidential proprietary property.

4. Charges and Payment.

1. As set forth in the Order, Services during the term (Trial Period) will be provided to Customer free of charge.

5. Warranties.

1. Each party warrants to the other that this Agreement has been duly executed and delivered and constitutes a valid and binding agreement enforceable against such party in accordance with its terms.

6. Warranty Disclaimer.

1. The Services are made available under the agreement as is and as available, without warranties of any kind, either express or implied. Supplier expressly disclaims all express and implied warranties, including, without limitation, warranties or conditions of satisfactory quality, merchantability, non-infringement, title, and fitness for a particular purpose for the Services.
2. Supplier does not warrant (a) uninterrupted, timely, or error-free Services, (b) that Supplier will correct any defects or prevent third-party disruptions or unauthorized third-party access, or (c) that Services are secure, available, accurate, private, confidential, appropriate, reliable, or complete.

7. Indemnity.

1. Customer shall defend, indemnify, and hold Supplier, its affiliates, subsidiaries, their respective officers, directors, employees, agents, contractors, successors, and assigns harmless from and against any and all damages, losses, fines, penalties, costs, expenses, liabilities, and other fees (including, without limitation, reasonable legal fees) arising from or relating to any actual, alleged, or threatened claims, demands, investigations, or causes of action by third parties arising from or relating to Customer’s use of the Services.
2. If a third party asserts a claim against Customer that services offered by Supplier infringe a patent, copyright, or trademark, Supplier will defend Customer against that claim and pay amounts finally awarded by a court against Customer or included in a settlement approved by Supplier, provided that Customer promptly (a) notifies Supplier in writing of the claim, (b) supplies information requested by Supplier, and (c) allows Supplier to control, and reasonably cooperates in, the defense, settlement, and mitigation.
3. Supplier’s obligation to defend does not apply to any claim based on (a) Customer’s combination of Services with data, software, or documentation not supplied, recommended, documented, or approved by Supplier; or (b) Customer’s unauthorized modifications to the Services. Supplier may, at its sole expense and sole discretion, (i) procure for Customer the right to continued use of such Services as contemplated herein, (ii) replace or modify such Services such that the alleged infringing portion thereof becomes non-infringing (iii) replace the infringing Item with a functionally equivalent non-infringing item, or (iv) terminate the Agreement and refund to the Customer any prepaid unused fees.
4. This section 7 describes Customer’s sole remedy against Supplier relating to third-party claims of patent, copyright, or trademark infringement.

8. Limitation of Liability.

1. Where permitted by applicable law, except for (a) Customer’s obligations relating to payment, (b) Customer’s obligations under sections 1.5, 1.6, and 1.7, (c) Customer’s indemnity obligations, neither party is liable for special, incidental, exemplary, indirect, or consequential damages, including but not limited to loss of profits, business, reputation, opportunities, value, revenue, goodwill, or anticipated savings; or cost of replacement services. These limitations apply regardless of whether either party was advised of the possibility of such losses or damages or such losses or damages were otherwise foreseeable. Where permitted by applicable law, Supplier's entire liability for all claims arising from or relating to the agreement will not exceed 6 months’ services fees paid by Customer to Supplier, regardless of the basis of the claim.

9. Privacy and Security.

1. Supplier shall use commercially reasonable efforts comply with its Privacy Policy, the information security policy in Exhibit A, and applicable laws applicable to the provision of its Services in the United States.
2. Customer shall use commercially reasonable efforts to comply with its own privacy policy and applicable data privacy laws applicable to the use of Materials and personal information. Customer shall allow individuals to exercise their rights under applicable law, including, without limitation, notice, access, deletion, or correction.

10. Changes.

1. Customer acknowledges and agrees that: (i) Services may have limited functionality and reduced or altered features; (ii) the proper functionality of Services may be interrupted for evaluation, review, and maintenance purposes; and (iii) Supplier may introduce new or remove existing features or functionality to or from Services, in each case in its sole discretion. This Agreement does not entitle Customer to any guaranteed service level availability, support, maintenance, upgrades, or modifications for Services.

11. Term and Termination.

1. The term of the SaaS Agreement begins upon execution and continues until terminated as described below. Termination of this SaaS Agreement by either party automatically terminates all Orders.
2. The term of the Agreement is set forth in the Order.
3. Supplier may immediately, in its sole discretion and without prior written notice, temporarily suspend or limit Customer's use of the Services or the Agreement where Supplier reasonably suspects a breach of the Agreement. Supplier shall provide notice of the actions Customer must take to reinstate the Services. Supplier may terminate the Services or this Agreement without any additional liability for Customer’s failure to take required actions.
4. The Agreement automatically terminates upon the liquidation or insolvency of either party or the appointment of a trustee or receiver for either party.
5. Upon termination of the SaaS Agreement or applicable Order: (a) Supplier may immediately terminate Customer’s access to Supplier’s Services; and (b) Customer shall immediately cease using any portion of Supplier’s Services.

6. Promptly upon termination, Customer shall securely delete or destroy the Materials it has already incorporated into its systems or used for its business purposes. Upon request, Customer shall certify such deletion or destruction by its Chief Information Technology Officer, or equivalent, of Customer.
7. Promptly upon termination, Supplier shall securely delete or destroy Customer Content. Upon request, Supplier shall certify such deletion or destruction by its Chief Information Technology Officer, or equivalent, of Supplier.

12. Governing Law.

1. This Agreement is governed by the laws of the State of Ohio, United States, without regard to conflict of law principles. Subject to section 12.3 below, the parties submit to the exclusive jurisdiction of, and venue in, the state or federal courts located in Cuyahoga County, Ohio, in any action or proceeding arising from or relating to this Agreement.  The United Nations Convention for the International Sale of Goods does not apply to this Agreement.
2. Either party may seek injunctive or other equitable relief for actual or threatened breach of confidentiality, security, or intellectual property protections hereunder by Customer under the Agreement.
3. Except as otherwise stated in section 12.2 above, any dispute, claim, or controversy arising from or relating to the Services or this Agreement will be settled in binding arbitration between them in accordance with the commercial arbitration rules and procedures of the American Arbitration Association, as modified by this Agreement. The arbitrator may award relief (including monetary, injunctive, and declaratory relief) only in favor of the party seeking relief and only to the extent necessary to provide relief necessitated by that party’s individual claim or claims. Judgment upon the award rendered by the arbitrator may be entered in any court having jurisdiction thereof. The choice of law and venue provision in section 12.1 does not apply to the arbitration provision or any arbitrable disputes described herein. Instead, the Federal Arbitration Act applies to such disputes.

4. Each party irrevocably waives, to the fullest extent permitted by applicable law, any and all right to trial by jury in any legal proceeding arising from or relating to this Agreement.

13. General.

1. This Agreement constitutes the entire agreement of the parties and supersedes all prior or contemporaneous understandings, representations, discussions, or agreements between the parties relating to its subject matter.
2. In the event of a conflict between the Order and the SaaS Agreement, the Order governs.
3. If any provision of the Agreement is invalid or unenforceable, the remaining provisions remain in full force and effect.
4. The waiver of a breach of any term of the Agreement, which must be in writing, will not operate as or be construed to be a waiver of any other previous or subsequent breach of the Agreement.
5. Customer agrees not to hire or attempt to hire for employment, either directly or indirectly, an employee, agent, or contractor of Supplier during the term of this Agreement and for a period of 2 years after termination of this Agreement.
6. Supplier is an independent contractor. Customer is responsible for its use of Supplier Services. Each party is responsible for determining the assignment of its and its affiliates’ personnel, and their respective contractors and vendors, and for their direction, control, and compensation.
7. Supplier owns the information generated as a result of the use of its Services. Supplier may only internally use this information for providing or improving the Services, but not share it externally in violation of the Agreement.
8. Except as otherwise provided herein, Customer may not assign the Agreement, in whole or in part, without the prior written consent of Supplier. Either party may assign the Agreement with 30 calendar days’ prior written notice to the other party upon a merger, acquisition, or purchase or sale of substantially all of its assets so long as such transaction is not with a competitor of the non-assigning party. Supplier may assign the Agreement at its sole discretion. Any assignment, transfer, or delegation in violation of this section is void.
9. All notices under the Agreement must be in writing and sent to the business address specified in the Agreement, unless a party designates a different address in writing.
10. This Agreement may be executed in two or more counterparts, all of which when taken together shall be considered one and the same agreement and become effective when counterparts have been signed by each party and delivered to the other party.
11. The parties consent to the use of electronic signatures (including use of online form checkboxes) and communication. Any reproduction of the Agreement made by reliable means is considered an original.
12. This Agreement does not create any third-party rights. Neither party will bring a legal action arising from or relating to the Agreement more than two years after the cause of action arose.
13. Any terms that by their nature extend beyond the Agreement termination remain in effect until satisfied and apply to successors and assignees.
14. Unless Customer requests otherwise in writing in advance, Customer authorizes Supplier to use Customer’s logo, name, or trademark on its website or other media as a customer.
15. Neither party is responsible for failure to fulfill its obligations under the Agreement due to causes beyond its control, except that Customer’s payment obligations hereunder may not be delayed under such causes beyond 15 calendar days.
16. The parties hereto are sophisticated, commercial parties. The Agreement will not be construed against the drafter.
17. Parties acknowledge that they have read the Agreement, understand it, and agree to be bound by its terms. The person signing on behalf of each party is authorized to do so.

---

Exhibit A

Security Measures

Supplier has implemented and maintains the following security measures for User Data in the Services in its primary data processing facilities. The commitments in this exhibit are Supplier’s only responsibility with respect to the security of User Data in the Services.

User Data means personal information relating to identifiable individuals available through the Services. Security Incident means a confirmed breach of security leading to unauthorized acquisition or access to personal information maintained by Supplier in its Services.

Subject	Description
Responsibility of Information Security	Security Ownership. Supplier has appointed personnel in charge of information security who are responsible for coordinating, monitoring, administrating, reviewing, and updating the security rules and procedures. Security Roles and Responsibilities. Supplier personnel with access to User Data are subject to confidentiality obligations. Safeguards. Supplier maintains reasonable and appropriate safeguards designed to meet applicable laws. Service Providers. Supplier requires service providers to contractually maintain adequate safeguards, and monitors to verify compliance.
Asset Management	Asset Inventory. Supplier maintains an inventory of primary data processing facilities on which User Data is stored. Access to such systems and media is restricted to Supplier personnel authorized to have such access. Asset Handling. –        Supplier classifies User Data to help identify it and to allow for access to it to be appropriately restricted. –        Supplier imposes restrictions on sharing User Data and has procedures for the secure disposal of User Data. Supplier personnel have been instructed to obtain authorization prior to storing User Data on portable devices, remotely accessing User Data, or processing User Data outside Supplier’s facilities.
Environmental Security	Access to Facilities. Supplier has processes in place to limit access to information systems that process User Data. Protection from Disruptions. Supplier uses a variety of systems designed to protect against interruption, disruption, or loss of Information. Component Disposal. Supplier uses appropriate processes to delete or securely dispose of User Data when it is no longer needed.
Management of Operations	Data Recovery Procedures. –        Supplier stores copies of User Data and data recovery procedures in a different place from where the primary computer equipment processing the User Data is located. –        Supplier has specific procedures in place governing access to copies of User Data. –        Supplier reviews and tests data recovery procedures at least annually and after every major infrastructure change. Malicious Software. Supplier has anti-malware controls to help avoid malicious software gaining unauthorized access to User Data, including malicious software originating from public networks. Event Logging. Supplier logs, or enables User to log, access, and use of information systems containing User Data.
Access Control	Access Policy. Supplier maintains a record of security privileges of individuals having access to User Data. Access Authorization –        Supplier maintains and updates a record of personnel authorized to access Supplier systems that contain User Data. –        Supplier deactivates authentication credentials that have not been used for a period of time not to exceed six months. –        Supplier identifies those personnel who may grant, alter, or cancel authorized access to data and resources. –        Supplier ensures that where more than one individual has access to systems containing User Data, the individuals have separate identifiers or log-ins. Least Privilege. Supplier restricts access to User Data to only those individuals who require such access to perform their job function. Integrity and Confidentiality. Supplier takes measures designed to secure administrative sessions, including locking active sessions when left unattended and storing password securely. Authentication. –        Supplier uses variety of practices to identify and authenticate users who attempt to access information systems. –        Where authentication mechanisms are based on passwords, Supplier requires that the passwords are changed regularly. –        Where authentication mechanisms are based on passwords, Supplier requires strong passwords. Network Design. Supplier has controls to avoid individuals assuming access rights they have not been assigned to gain access to User Data they are not authorized to access.
Incident Response	Incident Response Process. –        Supplier logs and audits, as appropriate, all security related events and incidents for appropriate follow up. –        Supplier maintains a record of Security Incidents, including a description, the time period, the consequences. –        For each security breach that is a Security Incident, notification by Supplier will be made without undue delay after having become aware of the breach, unless sooner required by applicable law. Service Monitoring. Supplier security personnel verify logs at least every six months to propose remediation efforts if necessary.

---

Exhibit B

1. Additional Provisions for California Personal Information Where Supplier is a Service Provider.

1. This section will apply only with respect to California Personal Information.
2. “CCPA” means California Civil Code Sec. 1798.100 et seq. (also known as the California Consumer Privacy Act of 2018).
3. “California Personal Information” means personal data that is subject to the protection of the CCPA.
4. "Consumer", "Business", “Business Purpose”, "Sell", and "Service Provider" will have the meanings given to them in the CCPA.
5. Supplier shall comply with Customer’s instructions as provided under the Agreement. Supplier will process the personal information that Customer directly provides to Supplier through the Services as a service provider (or processor) for the purpose of performing the Services under the Agreement or as otherwise permitted or required under applicable law.
6. Supplier will process the Customer’s California Personal Information as a Service Provider for the purpose of performing the Services under the SaaS Agreement (the Business Purpose) or as otherwise permitted or required under the CCPA.
7. Customer and Supplier agree that for the purposes of the CCPA, the transfer of Customer’s California Personal Information from the Customer to the Supplier pursuant to this Data Processing Agreement is not a sale of Personal Information to the Supplier. Supplier agrees not to sell the personal information that Customer directly provides to Supplier through the Services pursuant to this Agreement.
8. Supplier will not retain, use, or disclose personal information that Customer directly provides to Supplier through the Services under this Agreement for any purpose other than for the specific purpose of providing Services and as permitted under applicable law or Agreement, including retaining, using, or disclosing the personal information for a commercial purpose other than providing the Services specified in the Agreement. Supplier will not retain, use, or disclose the personal information that Customer directly provides to Supplier through the Services under the Agreement outside of Supplier’s direct business relationship with Customer. Supplier will not combine the personal information that Customer directly provides to Supplier through the Services pursuant to the SaaS Agreement with other personal information that Supplier receives from or on behalf of another person or persons or collects from its own interactions with a consumer, except as specifically permitted under applicable law. Customer may monitor Supplier’s compliance with the Agreement or applicable law using any available information security documentation that Customer may request from Supplier. The Supplier shall comply with applicable laws, including the CCPA, and provide the same level of privacy protection as is required by the CCPA. If Supplier determines that it can no longer meet its obligations under applicable laws, including the CCPA, then Supplier shall notify the Customer. If Customer determines that Supplier has materially breached its obligations relating to use of Personal Information as provided under the SaaS Agreement, then Customer may exercise the rights provided under the SaaS Agreement.
9. Supplier has read and understands the requirements of the CCPA. The foregoing requirements under this section 11 do not apply to personal information Supplier provides to Customer (or to Supplier’s other customers) or any other personal information that Supplier has, collects, transfers, shares, or otherwise processes (now or in the future).

2. Additional Provisions for California Personal Information Where Supplier is a Business.

1. With respect to the Personal information that Supplier sells or otherwise makes available to the Customer arising from or relating to its Services (as separate from the personal information that Customer directly provides to Supplier under Section 11), the parties agree that (a) the personal information is sold or disclosed by the business only for limited and specified purposes; (b) the Customer shall comply with applicable laws, including the CCPA, and provide the same level of privacy protection as is required by the CCPA; (c) the Supplier may take reasonable and appropriate steps to help ensure that the Customer uses the personal information transferred in a manner consistent with the Supplier’s under applicable laws, including the CCPA; (d) If Customer determines that it can no longer meet its obligations under applicable laws, including the CCPA, then it shall notify the Supplier; and (e) upon prior written notice, where practicable, the Supplier may take reasonable and appropriate steps to stop and remediate unauthorized use of personal information as further described under the SaaS Agreement.