Multiple AI Bots

Create Modern Support Experience Through AI Businesses these days receive hundreds and even thousands of customer queries daily. For any customer service representative, it becomes tremendously difficult to keep track of these issues, specifically because of the three Vs Volume Velocity and Variety With inconsistent similarities between large amounts of incoming data along with the frequency of product updates, it adds exponential complexity to the process of unearthing trends in the data. This data can be created from various data sources including customer-created tickets, service requests, bots, customer reviews, case objects from different CRMs, help articles, or even FAQs. While these datasets share the same ground of belonging to customer interactions, they all can have extreme differences in terms of unearthing actual actions to be derived from them. At Ascendo, we call these as “Interactions”. What is common across these interactions is that they deal with symptoms/problems/questions/advice that a customer needs. Each of them needs an understanding of what the “root-cause” of the request is. Then the root cause should be mapped to the relevant solution/knowledge to surface it back to the customer. We will be going into topics like: Semantic Inference - what is it? Real world Examples of Semantic Inference How does this help with Support time and effort, Product teams and Go-to-market teams How does an AI engine use the above? What help does this provide to an agent? How do AI systems comprehend data? What help does this do to CX leaders? What if you are starting out with no systems in place? To read more of this, please read the full whitepaper. More White Papers Auto categorization 01 Ascendo brings to you one of its most utilized and successful components, Auto Categorization, that is built on state of the art Natural Language Processing techniques and Deep Learning algorithms. AI Based Modern Support Experience 02 Businesses these days receive hundreds and even thousands of customer queries daily. Get started to transform complicated client communications on Slack to smooth, AI assisted interactions 03 Should Companies use Slack or Teams with Their Customers? Escalation Management Guide for proactive support teams 04 The term escalation refers to the action where the issue and the details of a customer interaction is sent higher up the chain, sometimes to the CEO level. View All Scaling Technical Support Smarter: Anjuna Security’s AI-Driven Success Story In the dynamic world of cloud security, delivering cutting-edge solutions isn’t enough—technical support must match the pace of... The Future of AI in Technical Support: Big Ideas for 2025 As we step into 2025, the role of AI in customer support is not just about keeping pace with change; it’s about reshaping the very... Our Blog Here is your go-to guide on what's latest and greatest in delivering superior customer service with the power of artificial intelligence. Catch some invaluable industry insights, and take it forward on your social media channels! Read all Ready to learn more? Contact Us

Ascendo AI Empowers Anjuna Security with Technical Support AI Coworkers Anjuna Security, a multi-cloud data security provider, struggled with scaling technical support for their complex hardware-assisted isolation platform. Their small team needed a solution to handle growing technical inquiries while efficiently managing product knowledge. Partnering with Ascendo AI, they implemented knowledge agents, Slack integration, and Cognitive Privacy agents. This transformed their support operations by enabling quick access to technical information, automating knowledge creation, and enhancing data protection during customer interactions. The partnership yielded impressive results, with Anjuna exceeding support KPIs in resolution times and first-touch resolutions. The collaboration continues to evolve with plans for enhanced privacy solutions and predictive support features, as validated by Anjuna's Director of Customer Success. To learn more about how Ascendo AI transformed Anjuna Security's technical support while strengthening their privacy offerings, read the complete case study Ready to learn more? Contact Us

Where Experience speaks Dialogue About E xperience D ialogue! In these interactions, we pick a hard topic that doesn’t have really a straightforward answer. We then bring in speakers who have been there, and seen this but approached it in very different ways. This is a space for healthy disagreements and discussions but in a respectful way. Just by the nature of how we have conceived this, you will see passionate voices of opinions, friends having a dialogue and thereby even interrupting each other or finishing each other’s sentences. Our Mission "At the end of each dialogue, we want you and our audience to leave with valuable insights and approaches that you can try at your workplace- and continue the discourse in our slack channels! " 11 LinkedIn groups 5 Slack Channels Continuous Engagement 4818 members in leadership Our Support Community Total audience of 330K READY FOR PROACTIVE SUPPORT? Connect Now First Name Last Name Email Submit Thanks for submitting! GPT (Generative Pre-trained Transformer) prompts and associated best-knowledgeable posts. Dated : 19th Jan 2023 Duration : 35 Minutes Turning customer service into profit center Read Summary There is excitement on many tech and business channels on ChatGPT from Open.AI. Dated : 20 December 2022 Duration : 24 Minutes ChatGPT and the future of Customer Support Read Summary “Support today reacts to external metrics rather than proactively creating and using data” Dated : 1st December 2022 Duration : 48 Minutes Using proactive metrics for support operations Read Summary Learn how to use everyday interactions , to automate creating knowledge, and spreading knowledge to help colleagues and serve customers efficiently. Utilize knowledge objects in Salesforce to be able to bring value to Slack. Dated : 10th November 2022 Duration : 16 Minutes Automation Dreamin' 2022 Knowledge Intelligence with Salesforce and Slack. Read Summary In these interactions, we pick a hard topic that doesn’t really have a straightforward answer. We then bring in speakers who have been there, seen this but approached it in very different ways. Dated : 27th October 2022 Duration : 30 Minutes Using AI to Drive Service Improvements Read Summary Essential for any business in discovering markets and developing products. Dated : 11th August 2022 Duration : 54 Minutes The voice of the customer in discovering markets, developing products Read Summary A series of tasks can be delegated to a group of users at different measures Dated : 28th June 2022 Duration : 32 Minutes Customer Playbooks: When is it useful and how to create one that evolves? Read Summary Facilitates the ability to keep customers satisfied and to retain them. Dated : 10th June 2022 Duration : 30 Minutes Deepdive Voice of the Customer Playbook Read Summary Whether it is a small or a larger organization, diverse talent or hiring should be important for real growth. Dated : 7th April 2022 Duration : 57 Minutes How to Attract and Hire Diverse Talent? Read Summary An organization that sees its customer service department as a cost center is ignoring a significant opportunity to increase customer loyalty and lifetime value. Dated : 10th March 2022 Duration : 42 Minutes Growth Through Support Dialogue Read Summary The pandemic has taught us innovative ways to connect with key customers more than ever before. Dated : 5th May 2022 Duration : 61 Minutes Strategies to manage difficult situations with key customers Read Summary Does your client portfolio include international customers or do you expect it to in the future? Dated : 25th May 2022 Duration : 25 Minutes Cultural changes that we see within CX in the African continent Read Summary

Download AI Based Modern Support Experience Get started to transform Support from reactive to proactive. Please enter your business email ID Please enter a valid name with alphanumeiric value Scaling Technical Support Smarter: Anjuna Security’s AI-Driven Success Story In the dynamic world of cloud security, delivering cutting-edge solutions isn’t enough—technical support must match the pace of... The Future of AI in Technical Support: Big Ideas for 2025 As we step into 2025, the role of AI in customer support is not just about keeping pace with change; it’s about reshaping the very... Our Blog Here is your go-to guide on what's latest and greatest in delivering superior customer service with the power of artificial intelligence. Catch some invaluable industry insights, and take it forward on your social media channels! Read all More White Papers Auto categorization 01 Ascendo brings to you one of its most utilized and successful components, Auto Categorization, that is built on state of the art Natural Language Processing techniques and Deep Learning algorithms. AI Based Modern Support Experience 02 Businesses these days receive hundreds and even thousands of customer queries daily. Get started to transform complicated client communications on Slack to smooth, AI assisted interactions 03 Should Companies use Slack or Teams with Their Customers? Escalation Management Guide for proactive support teams 04 The term escalation refers to the action where the issue and the details of a customer interaction is sent higher up the chain, sometimes to the CEO level. View All Ready to learn more? Contact Us Businesses these days receive hundreds and even thousands of customer queries daily. For any customer service representative, it becomes tremendously difficult to keep track of these issues, specifically because of the three Vs Volume Velocity and Variety With inconsistent similarities between large amounts of incoming data along with the frequency of product updates, it adds exponential complexity to the process of unearthing trends in the data. This data can be created from various data sources including customer-created tickets, service requests, bots, customer reviews, case objects from different CRMs, help articles, or even FAQs. While these datasets share the same ground of belonging to customer interactions, they all can have extreme differences in terms of unearthing actual actions to be derived from them. At Ascendo, we call these as “Interactions”. What is common across these interactions is that they deal with symptoms/problems/questions/advice that a customer needs. Each of them needs an understanding of what the “root-cause” of the request is. Then the root cause should be mapped to the relevant solution/knowledge to surface it back to the customer. We will be going into topics like: Semantic Inference - what is it? Real world Examples of Semantic Inference How does this help with Support time and effort, Product teams and Go-to-market teams How does an AI engine use the above? What help does this provide to an agent? How do AI systems comprehend data? What help does this do to CX leaders? What if you are starting out with no systems in place? To read more of this, please read the full whitepaper. Download now Create Modern Support Experience Through AI

Insights from your CRM Enable agents to get resolution suggestions right from your CRM. Highlight the right pieces of knowledge pertinent to problem resolution. Capture tribal knowledge to drive consistency across agents of various ability and tenure. Standardize quality of resolution. Use it from Simple to Complex issues Get fully automated Knowledge intelligence to only improve knowledge that is relevant to issue trends. Granular Ability ready for the enterprise to provide knowledge access across various systems of record, business units and product groups. Chrome Extension Get the power of AI without leaving your workflow environment. Sign up for free Trusted by AI for CRM With Ascendo Chrome extension your Customer Service Experience Management takes to the next level. Artificial Intelligence, Machine Learning, Natural Language Processing (NLP) and Natural Language Understanding (NLU) are used to provide predictions on solution, root cause category, sub category for any ticket or case in your Customer Relationship Management (CRM) or other ticketing software. Along with issue resolution as agent assist, support agents can also know the technical support expert. Sign up for free Get started with Ascendo Today Contact us

Security Read Below SLA GDPR Privacy User Privacy Security Policies Terms Subprocessor Policy DPA This document outlines the service level agreement for CUSTOMERs provisioned with Hosted Services with ASCENDO.AI. This document contains the Service Level Agreement for ASCENDO.AI. Please read it carefully as this is the official agreement in force at the present time. The agreement listed below supersedes any other written document you may have prior to today’s date. Exhibits to this agreement are also available highlighting additional terms. If you have questions or comments about this agreement, please do not hesitate to contact us. SLA Objective THIS SERVICE LEVEL AGREEMENT (“Agreement” or “SLA”) shall apply to all Hosted Services provided by ASCENDO.AI expressly as an addendum to the ASCENDO.AI’s Software As A Service (“SaaS”) for each customer/client/ / /administrator/end-user/user (“CUSTOMER”). ASCENDO.AI is committed to providing a highly available and secure network to support its CUSTOMERs. Providing the CUSTOMER with consistent access to Hosted Services is a high priority for ASCENDO.AI and is the basis for its commitment in the form of an SLA. The SLA provides certain rights and remedies in the event that the CUSTOMER experiences service interruption as a result of the failure of ASCENDO.AI infrastructure. The overall service availability metric is 99.99%, measured on a monthly basis. Term Definitions For the purpose of this Service Level Agreement, the terms in bold are defined as follows: Available or Availability When the CUSTOMER who’s account is active and enabled has reasonable access to the Hosted Service provided by ASCENDO.AI, subject to the exclusions defined in Downtime Minutes below. Total Monthly Minutes The number of days in the month multiplied by 1,440 minutes per day. Maintenance Time The time period during which the Hosted Service may not be Available each month so that ASCENDO.AI can perform routine maintenance to maximize performance is on an as-needed basis. Downtime The total number of minutes that the CUSTOMER cannot access the Hosted Service. The calculation of Downtime Minutes excludes time that the CUSTOMER is unable to access the Hosted Services due to any of the following: (a) Maintenance Time (b) CUSTOMER ‘sown Internet service provider (c) Force Majeure event (d) Any systemic Internet failures (e) Enhanced Services (f) Any failure in the CUSTOMER ‘sown hardware, software or network connection (g) CUSTOMER‘s bandwidth restrictions (h) CUSTOMER‘s acts or omissions (i) Anything outside of the direct control of ASCENDO.AI Cloud Providers The infrastructure inside or major hosting providers – Amazon, Google, or Microsoft. Problem Response Time The time period after ASCENDO.AI’s confirmation of the Service event, from receipt of the information required from the CUSTOMER for ASCENDO.AI’s Support Team to begin resolution and open a trouble ticket in ASCENDO.AI’s systems. Due to the wide diversity of problems that can occur, and the methods required to resolve them, problem response time IS NOT defined as the time between the receipt of a call and problem resolution. After receiving a report of fault, ASCENDO.AI shall use a reasonable method to provide CUSTOMER with a progress update. Affected Seats ASCENDO.AI’s Hosted Service is provided in a multi-tenant architecture where seats or applications of a CUSTOMER‘s domain may be extended across numerous servers. CUSTOMER may obtain remedy only for affected seats or applications residing on the server experiencing Downtime exceeding the SLA. Maintenance Notices ASCENDO.AI will communicate the date and time that ASCENDO.AI intends to make the Hosted Services un-Available via email from customer.service@ascendo.ai at least forty-eight (48) hours in advance (or longer if practical). The CUSTOMER understands and agrees that there may be instances where ASCENDO.AI needs to interrupt the Hosted Services without notice in order to protect the integrity of the Hosted Services due to security issues, virus attacks, spam issues, or other unforeseen circumstances. Below are the Maintenance Windows and their definitions: Emergency Maintenance These change controls happen immediately with little notification ahead of time; however, we will post the information to the website soon after or during the change. Preventative Maintenance These change controls are when we detect an item in the environment that we need to take action on, to avoid emergency change controls in the future. These change controls, if possible, will usually occur in low peak hours with the peak being defined by our network metrics. Planned Maintenance These are change controls being done to: Support ongoing product and operational projects to ensure optimal performance Deploy non-critical service packs or patches. Periodic redundancy testing. As a practice, Ascendo reserves the right to perform maintenance weekly on Sundays between the time of 7 PM Pacific to 10 PM Pacific. In addition to that window, if an additional maintenance window is required, where possible planned maintenance will be posted 5 days prior; however, certain circumstances may preclude us from doing so, such as an external vendor issuing a change control to ASCENDO.AI, e.g. the power company alerting us to perform power testing 48 hours ahead of time. CUSTOMER Responsibility Minimum Requirements The required configurations CUSTOMER must have to access the Hosted Services include: Internet connection with adequate bandwidth Internet Browser Standard Service Levels Term of the Service Level Agreement This Service Level Agreement shall only become applicable to the Hosted Services upon the later of (a) completion of the “stabilization period,” as such term is defined in the Statement of Work (if any), or (b) ninety (90) days from the provisioning of Hosted Services. Category Level Criteria: Unplanned interruption rendering the Services un-Available; no workaround Problem Response Time: Will respond and begin remedy the problem within four hours; will establish escalation call for a status update until resolution. If ASCENDO.AI provides the Customer with an acceptable workaround then such an error will be re-classified as a Sev 2 issue. Category Level Criteria: Unplanned interruption rendering the Services un-Available; workaround available Problem Response Time: Will respond and begin to remedy within one business day of receipt of such a request. We will provide periodic updates via the scheduled maintenance window. Category Level Criteria: Services are un-Available for a single User or a small percentage of CUSTOMER affected. Problem Response Time: Will respond and begin to remedy within one week of the request. We will provide periodic updates via the scheduled maintenance window. Service Levels – Enterprise Term of the Service Level Agreement This Service Level Agreement shall only become applicable to the Hosted Services upon the later of (a) completion of the “stabilization period,” as such term is defined in the Statement of Work (if any), or (b) ninety (90) days from the provisioning of Hosted Services. The Enterprise service levels are an extension of the standard service levels and need to be purchased separately. Measurement ASCENDO.AI uses a proprietary system to measure whether the Hosted Services are Available and the CUSTOMER agrees that this system will be the sole basis for the resolution of any dispute that may arise between the CUSTOMER and ASCENDO.AI regarding this Service Level Agreement. Availability is calculated based on the following formula: A = (T – M – D) / (T – M) x 100% A = Availability T = Total Monthly Minutes M = Maintenance Time D = Downtime Problem Response Time The response time per incident will vary upon the degrees defined below: We will also perform a Quarterly Business Review on the overall Service Levels with the customer contact Remedy and Procedure The CUSTOMER’s remedy and the procedure for obtaining the CUSTOMER’s remedy in the event that ASCENDO.AI fails to meet the Service level metrics set forth above are as follows: To qualify for remedy: (a) There must be a support ticket documenting the event within 24 hours of the service interruption (b) CUSTOMER account must be in good standing with all invoices paid and up to date The CUSTOMER must notify ASCENDO.AI in writing within five (5) business days by opening a support ticket and providing the following details: The subject of the email must be: “Claim Notice – CUSTOMER Domain.ASCENDO.AI” (CUSTOMER's main point of contact must be within Ascendo and only they can request the remedy) List the type of Hosted Service that was affected List the date the Downtime Minutes occurred List application functionality affected by Downtime Minutes List an estimate of the amount of actual Downtime Minutes Ticket number of the documented event ASCENDO.AI will confirm the information provided in the Claim Notice within five (5) business days of receipt of the Claim Notice. If ASCENDO.AI cannot confirm the Downtime Minutes, then the CUSTOMER and ASCENDO.AI agree to refer the matter to executives at each company for resolution. If ASCENDO.AI confirms that ASCENDO.AI is out of compliance with this Service Level Agreement, the CUSTOMER will receive the amount of Service Level Credits set forth above for the affected Service Level metric and the affected Seats for the affected month. The SLA credit will be reflected in the ASCENDO.AI invoice to the CUSTOMER in the month following ASCENDO.AI confirmation of the Downtime Minutes. Please note that SLA credits can only be applied to accounts that are in good standing with all invoices paid and up to date. Service Level Agreement Last Updated: May 17, 2023 GDPR Compliance Last Updated: May 17, 2023 Our Commitment The new General Data Protection Regulation (GDPR) is fundamentally about protecting and enabling the privacy rights of European Union (EU) citizens and residents. The GDPR establishes global privacy requirements governing how you manage and protect personal data while respecting individual choice—regardless of where data is sent, processed, or stored. At Ascendo.ai, we believe that the GDPR is an important step towards strengthening data protection laws across the European Union and enabling individual privacy rights. This is why Ascendo.ai is committed to being GDPR-compliant across our cloud services. Ascendo.ai takes a principled approach to privacy, security, and compliance, with strong commitments to ensuring you can trust the cloud services you rely on. Trust – Built Upon a Safe, Secure, and Compliant Cloud. As you prepare to comply with the GDPR, here is what else you can expect from Ascendo.ai: You maintain control. When you entrust your data to the Ascendo.ai cloud, you remain the sole owner: you retain the rights, title, and interest in the data you store in our cloud services. You can take advantage of the features inherent in our product to meet your GDPR obligations related to deletion, rectification, transfer of, access to, and objection to the processing of personal data. You have full visibility. The Ascendo.ai cloud service protects your data from inappropriate access or use by unauthorized individuals with robust measures, including restricting access by Ascendo.ai personnel and subcontractors. In addition to these commitments, Ascendo.ai provides you with the ability to monitor how data is managed and who has access to what data within your organization. Our service runs on world-class Cloud provider data centers and is certified to internationally recognized security standards, protected by 24-hour physical surveillance, and continuously monitored using strict access controls. Our architecture keeps your data logically isolated from the data of other customers. In addition to running on secured cloud infrastructure, we have a comprehensive security strategy. Each cloud service has built-in security features to help you secure your data, including data-at-rest encryption, encryption in transit, comprehensive role-based access control, and access monitoring. We commit to rapid response. Ascendo.ai has robust security incident response processes and commits to notifying our customers in accordance with the GDPR. Our security team does not have to wait for an incident to occur. We anticipate issues and then prioritize and resolve them based on the impact on your data or services. Partnering to Comply with the GDPR. Compliance is a shared responsibility and we are committed to partnering with you to help you successfully comply with the GDPR. Requirements such as greater data access and erasure rules, privacy by design, and data breach notification processes may mean changes for your organization. Therefore, it is important to understand your obligations related to the GDPR regardless of where your organization resides. Ascendo operates the ascendo.ai website, which provides information about our products and services. Ascendo.ai is committed to protecting the personal privacy of our website visitors and product users. We are committed to supporting GDPR and you can request our “GDPR Position” document by contacting us and requesting it. This page is used to inform website visitors regarding our policies with the collection, use, and disclosure of Personal Information for users of the ascendo.ai website. For users of our product, we ask that they consent to the “Ascendo User Consent” document. The document can be viewed here If you choose to use ascendo.ai, then you agree to the collection and use of information about this policy. The Personal Information that we collect is used for providing and improving the website and our product. We will not use or share your information with anyone except as described in this Privacy Policy. Information Collection and Use For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, email, and postal address. The information that we collect will be used to contact or identify you. If you are a user of the Ascendo application including Slack, we store the email ID, user name, and phone number. Log Data We want to inform you that whenever you visit our Service, we collect information that your browser sends to us which is called Log Data. This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics. Cookies Cookies are files with a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer’s hard drive. Our website uses these “cookies” to collect information and to improve our website. Service Providers We may employ third-party companies and individuals due to the following reasons: To facilitate our website; To perform website-related services; or To assist us in analyzing how our website is used. We want to inform our Service users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose. Security We value your trust in providing us with your Personal Information, thus we are striving to use commercially acceptable means of protecting it. Please review our complete security policy here. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security. Data Retention The time period for which Ascendo.ai retains customer data depends on the purpose for which it is used. Ascendo.ai retains customer data for as long as an account is active or in accordance with the agreement(s) between Ascendo.ai and the customer unless Ascendo.ai is required by law to dispose of data earlier or retain data longer. Data Disposal Ascendo.ai disposes of customer data within 30 days of a request by a current or former customer or in accordance with the Customer’s agreement(s) with Ascendo.ai. The main customer contact noted in the Customer’s agreement(s) with Ascendo.ai may send a request to delete by contacting Ascendo customer support via email at askascendo.support@ascendo.ai . Ascendo.ai may retain and use data necessary for the contract such as proof of contract in order to comply with its legal obligations, resolve disputes, and enforce agreements. Ascendo.ai hosting and service providers are responsible for ensuring the removal of data from disks allocated to Ascendo.ai use before they are repurposed and the destruction of decommissioned hardware. Only a limited number of Ascendo.ai employees have access to delete customer data. Links to Other Sites Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. Changes to This Privacy Policy We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page. Contact Us If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at policy@ascendo.ai . Privacy Policy Last Updated: May 17, 2023 PRIVACY POLICY OF ASCENDO This consent form is part of Ascendo's GDPR compliance efforts. Ascendo is committed to protecting the privacy of our user’s Personal Information. If you have any questions about this consent or issues with the use of personal information, please contact the Ascendo Data Protection Officer: Ascendo, 228 Hamilton Avenue, Palo Alto, CA 94301. policy@ascendo.ai By consenting, you agree to provide personal information that will only be used by Ascendo for the operations of our software and system. We require only the minimum personal information necessary for the operation of the system. Without this personal information, we will not be able to provide access to the software and system. The required information is: First or Given name, Last or Surname, and Email (used as login name and for password resets/system notifications). Other optional information is requested to enable follow-up contact regarding software and system operations. If you give this optional information you consent to its use as outlined here. The optional information is: Address and phone Number(s): Personal information may be gathered as a consequence of using the system for the purpose of improving operations of the system. If you use the system you are consenting to our use of this information as outlined here. The gathered information is: IP address, Geographical Location, and Browser/Operating System details. This information may be used to determine system usage in aggregate but will not be used to profile individual work patterns or usage. The personal data gathered will be kept as long as the licensee of the system deems it necessary. You have the right to request access to the data, rectification of any errors in the data, and erasure of the data. You may also withdraw your consent. If you feel your personal data has been misused, you have the right to lodge a complaint with Ascendo and/or the EU supervisory authority in your country. User Consent : First Name: ____________________ Last Name: ____________________ Email: _______________________ By signing this you consent to the use of your personal information as described. Signature: _____________________ Date: ________________________ ASCENDO USER CONSENT Privacy User Content Last Updated: May 17, 2023 Security Policies Last Updated: May 17, 2023 ASCENDO.AI PRIVACY AND SECURITY STANDARDS 1. Purpose Ascendo.ai relies on the integrity and accuracy of its data in order to deliver Ascendo prediction SaaS services. It is therefore paramount that the confidentiality, integrity, and availability of the customer data are ensured. All employees and approved subcontractors of Ascendo that process or manage Ascendo (and customer) Information must adhere to these requirements to ensure that Ascendo.ai maintains the trust of all relevant stakeholders and remains in compliance with relevant legal and regulatory requirements. 2. Scope The scope of this document includes what Ascendo will process, have access to, transmit, or store customer information. This includes, but is not limited to: Employees involved in the design, development, operation, and hosting of information systems. All staff, including contractors and third parties employed directly and indirectly by Ascendo (i.e., subcontractors). In the instance where services are provided by Ascendo’s sub-vendors (4th, 5th, or 6th party vendors), Ascendo.ai is fully liable and responsible for all subcontractor adherence to these privacy and security standards. 3. Access Control 3.1 Access control program, applicable where Ascendo maintains access to Customer data a. Ascendo manages access to internal and external applications via security groups. b. Ascendo allocates system privileges and permissions to users and groups using the principle of least privilege. c. Ascendo assigns application and data rights based on user groups and roles, and grants access to information based on job function (i.e., role-based security). 3.2 Entitlement reviews a. Ascendo requires approval to add, change, or delete users to its networks and systems that process, transmit, or store customer information. b. Ascendo implements role-based security to ensure access to the application is restricted based on defined functional roles. c. Ascendo promptly removes application, platform, and network access for terminated users upon notification of termination. d. Ascendo promptly updates user access rights based on changes in job responsibilities. e. Ascendo reviews access privileges to systems and corporate networks, including administrative access privileges, at a minimum on a bi-annual basis. f. Ascendo uses separate administrative accounts to perform privileged functions and the accounts are restricted to individuals who are authorized. 3.3 Remote access a. Ascendo shall not allow remote access into the Ascendo’s network to perform work for or on behalf of the customer except by support resources for system administration and production system support work. b. In the case of remote access for IT support resources, traffic with the remote device will be encrypted (i.e., VPN) and the remote user must utilize multi-factor authentication. 4. Change Management a. Ascendo follows documented change management policies for requesting, testing, and approving application, infrastructure, and product-related changes. b. Changes undergo various levels of review and testing including security and code reviews, regression, and acceptance testing prior to approval for implementation. c. Following the successful completion of testing, Ascendo ensures appropriate managers must approve changes prior to implementation in a production environment. 5. Software Development Life Cycle a. Ascendo’s Software Development Life Cycle (SDLC) methodology governs the acquisition, development, configuration, maintenance, modification, and management of infrastructure and software components. The SDLC methodology is consistent with the defined security, availability, and confidentiality policies of Ascendo. b. System source/object code must be protected from unauthorized access. Access privileges to the source code repository are reviewed periodically and limited to authorized employees. c. Ascendo ensures that customer Information on the hosted environment is segregated from other customer data by appropriate physical, technical, and/or logical means. d. Application development environments must be segregated from the production environment. Usage of "Production" data in Non-Production/Lower environments is prohibited. Usage of production data in the lower environments for the intent of development or testing requires approval from the Ascendo CTO. And will be treated as an Exemption. Logical access controls for the two environments to ensure authorized individuals move code to production. 6. Maintenance Ascendo’s maintenance windows are scheduled and communicated to customers in advance. In the event of a service interruption, Ascendo notifies customers describing the affected services. If additional maintenance is needed, Ascendo notifies customers in advance of scheduled maintenance occurring outside of the scheduled window. Ascendo communicates upgrades, new releases, and minimum release version requirements to customers. 7. Data Management & Security 7.1 Data Ownership Notwithstanding anything herein to the contrary, Ascendo acknowledges that each customer is the exclusive owner of all rights, title, and interest in and to any of the customer-specific data. The foregoing includes, without limitation, all patent, copyright, trademark, trade secrets, and all other proprietary, licensing, and privacy rights in and to their respective Customer Data. Notwithstanding anything to the contrary, Ascendo shall have the right to collect and analyze data and other information relating to the provision, use, and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Customer Data and data derived therefrom), and Ascendo will be free to (I) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, and (ii) disclose such data solely in aggregate, or other de-identified form in connection with its business. No rights or licenses are granted except as expressly set forth herein. Ascendo hereby waives any and all statutory and common law liens it may now or hereafter have with respect to Customer data. 7.2 Limitations on use Ascendo will access, use and disclose Confidential Information only when it is necessary to perform the customer’s obligations under a Purchasing Agreement. Ascendo will not disclose Confidential Information other than to Ascendo personnel and any other sub-contractors who: a. Need such access to assist Ascendo in the performance of a Purchasing Agreement. b. Have agreed in writing to be bound by a duty of confidentiality no less protective to the Confidential Information than the Term set forth in the respective Customer Agreement. 7.3 Applicable Laws In addition to any obligation that Ascendo may have under a Purchasing Agreement, Ascendo will comply with all applicable privacy and data protection laws, rules, and regulations in any jurisdiction where the Products and/or Services may be provided regarding Confidential Information to which it is subject including, without limitation: a. State security breach notification laws. b. Laws regarding the protection of Social Security numbers. c. Laws imposing minimum security requirements. d. Laws requiring the secure disposal of records containing certain personal data. e. All other applicable federal, state, and local requirements. f. Electronic storage industry standards concerning privacy, data protection, confidentiality, or information security. 7.4 End-of-Term Handling Upon termination or expiration of the agreement or upon the customer’s written request, Ascendo will return to the customer all copies of the customer’s information already in Ascendo’s possession or within its control within 30 (thirty) days. Ascendo shall maintain procedures for the removal of customer Information from electronic media before the media are available for re-use. Alternatively, with the customer’s prior written consent, Ascendo may destroy such customer information; provided that the customer information is: a. Destroyed in accordance with applicable laws, rules, or regulations. b. Sanitized via the use of industry-accepted standards (clear, purge, destroy). c. Rendered unreadable, undecipherable, and otherwise incapable of reconstruction. d. Backup copies are purged/removed by following an established process for data backups. 7.5 Data Encryption a. Ascendo will encrypt data at rest and in transit using industry-standard encryption techniques for b. Ascendo will also use standard encryption techniques for data backups. c. Any systems which maintain, transmit, or store customer data shall be encrypted. 7.6 Data Storage Ascendo stores data solely on their target servers and not on any laptop or portable device (unless there is explicit written permission from the customer). Ascendo uses Amazon AWS and Google GCP as the preferred cloud service providers. 7.7 Information Security Program a. Ascendo maintains a written Information Security program that complies with applicable global industry-recognized security frameworks. b. Ascendo has internal policies, standards, and operating procedures related to security, availability, and confidentiality that are available to personnel. Ascendo reviews, updates, and approves security policies and procedures at least annually to maintain their continuing relevancy and accuracy. Ascendo’s personnel Privacy Policy describes confidentiality and privacy commitments to our customers and is available on the Ascendo website. c. Ascendo’s CTO acts as the Chief Information Security Officer and Governance, Risk and Compliance officer. He/she is responsible for developing, maintaining, reviewing, and approving Ascendo’s security, availability, and confidentiality standards and policies. d. Ascendo shall monitor, evaluate, and adjust, as appropriate its Information Security program in light of any relevant changes in technology or industry standards, the sensitivity of customer information, internal or external threats to the Ascendo or customer, requirements of applicable work orders, and customer’s own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements and changes to information systems. e. Ascendo conducts periodic security awareness campaigns to educate employees on their responsibilities for creating and maintaining a secure workplace. 7.8 Risk Management Ascendo has a formal cyber security risk assessment and management process that includes mitigation of any identified findings. 8. Incident Response & Notification a. Ascendo shall contact customers upon the occurrence of any Security Incident. b. Ascendo shall promptly notify customers of any vulnerability discovered through internal monitoring or testing that impacts its security safeguards or Services provided to the customer (each, an “Impact”). Impact means any reported security incident that materially exposes the customer’s data to unauthorized usage and that will not be remediated, and/or for which compensating control will not be in place, within ninety (90) days of the discovery of the Impact. c. Ascendo shall promptly develop and implement an appropriate action plan to address and resolve any Impact, vulnerabilities, and/or recommendations identified during such an event. Ascendo, at its own expense, shall undertake remedial action to the extent necessary to comply with Ascendo’s obligations under the respective customer agreement. d. Ascendo shall maintain a documented and tested incident-handling program, and ensure that all Security Incidents follow Ascendo’s incident-handling program. e. Ascendo shall use reasonable efforts to notify customer representatives within thirty (30) minutes after becoming aware of any Incident or suspected or actual data security breach. This includes a security breach of Ascendo’s systems used to conduct or process its Services or to store customer confidential information. Such security breaches will include, without limitation, third-party incursions that could in any way result in unauthorized access to any customer confidential information. f. Ascendo shall not notify law enforcement or federal or state regulatory authorities of any such security breach without prior notice to customers unless otherwise required by applicable law. In the event that Ascendo notifies customers of a suspected or actual security breach, Ascendo shall, if requested by the respective affected customer, grant access to customer representatives or a qualified third party agreed to by the customer and Ascendo to Ascendo’s systems and premises to allow such representatives or third party to perform an investigation (including the installation of any monitoring or diagnostic software) deemed necessary by the customer to locate the source of such security breach. Each party shall act reasonably and in good faith in the selection of such third party. g. Ascendo shall, and shall cause its Representatives to, provide the affected customer with the following information concerning any suspected or actual security breach by or involving any person or in any systems, processes, hardware or software used to store, transmit or otherwise affect confidential information: i. The date of the security breach. ii. Details concerning the data compromised (e.g., strategic financial information, or customer names and addresses). iii. The method of the security breach. iv. Appropriate Ascendo security personnel contacts and security personnel contacts of its Representatives. v. The name of any person and or law enforcement agency assisting Ascendo with the investigation of the suspected or actual data security breach. vi. A list of all parties known to have gained unauthorized access to the affected customer's confidential information for the limited purpose of assessing the customer’s exposure. vii. Any other information which affected customer reasonably requests from Ascendo and/or its Representatives concerning such suspected or actual data security breach, including without limitation any forensics report(s). Ascendo shall provide the information listed in (i)-(vii) as soon as is reasonably practicable and in any event, shall provide the information listed in (i)-(vi) to the affected customer within twelve (12) hours of Ascendo’s initial notification of the actual or suspected security breach. Ascendo and/or its Representatives must provide the affected customer with copies of any reports concerning the security breach as soon as practicable. Ascendo and/or its Representatives agree not to issue any press release or other public announcement concerning the suspected or actual data security breach without the prior approval of the affected customers. h. Ascendo shall cooperate with the affected customers to ensure that appropriate security measures and procedures are implemented by a mutually agreeable deadline and using a mutually agreeable approach if the customer notifies Ascendo that the customer believes that Ascendo’s or any of its Representatives' security procedures in connection with the Services are inadequate or do not comply with the security requirements. Ascendo shall immediately take appropriate steps to ensure that any actual data security breach does not continue. With respect to matters under this section, Ascendo and the customer agree that they shall act reasonably and in good faith and shall not unreasonably withhold, delay, or condition their consent or cooperation. i. Any fraud or security incident can be sent to Ascendo through ascendoinfosec@ascendo.ai . Note that this email should be used only for the purpose of noting security and fraud incidents and in no situation should be used for any other purposes such as spam or marketing. 9. Password Management & Authentication Controls a. Authorized users must identify and authenticate to Ascendo’s network, applications, and platforms using their unique user ID and password. i. Use of shared accounts to enable interactive access to the application and/or data by multiple users is prohibited. ii. Accounts must be locked after 60 minutes of inactivity (i.e., idle session). iv. Accounts must be removed/secured if in a disabled state for a period no greater than 90 days (if the disabled account cannot be deleted, all associated permissions must be removed). v. Accounts can use multifactor authentication to log in to Ascendo’s network. b. Password complexity. i. Passwords must be at least 8 (eight) characters in length. ii. Passwords must contain one of each character: upper case, lower case, numeric, and special character. (Note: if using multi-factor authentication (MFA), a combination of three of the above characters is acceptable). iii. Must be masked during authentication. iv. Must be set to expire within 120 days or less. v. Password history must restrict the use of the previous 4 (four) password iterations. vi. All passwords must be secured while stored or transmitted (encrypted/hashed). vii. Passwords must not be saved for the intent of bypassing future log-on (i.e., save password check box). viii. Communication of the initial password must be in a secure manner. ix. Default passwords for accounts must be changed prior to use (e.g., Ascendo supplied, application, database, etc.). 10. Network Security & Monitoring 10.1 Intrusion Detection a. Network perimeter defense solutions including an Intrusion Detection System and firewalls are in place to prevent malicious network activity. Security operations personnel monitor items detected and take appropriate action. b. Firewall configurations and rules are reviewed at least annually. Significant changes to firewall rules follow the Change Management (Section 4) process and require approval by Ascendo’s Change Advisory Board led by CTO. 10.2 Patch Management a. All Laptops, desktops, servers (and any other hardware asset) owned by the Ascendo must have up-to-date database and operating system security patches installed to protect the asset from known vulnerabilities. b. Critical security patches must be applied within 72 hours. Non-critical security patches should be applied at least quarterly or more frequently. Ascendo should be made aware of any vulnerabilities that cannot be patched. 10.3 Threat and Vulnerability Management and Security Testing a. Ascendo shall maintain a threat and vulnerability management program, which includes at a minimum regular vulnerability scans using industry-recognized tools. b. Ascendo shall perform vulnerability and threat assessment testing (VTA Testing) of Ascendo systems and facilities that are used to support customer engagements at least annually. VTA Testing shall determine if vulnerabilities exist within technology, including applications, systems, and networks that are used by Ascendo to provide Ascendo Products or Services hereunder. VTA Testing must adhere to the following: i. Be based on industry-accepted penetration testing approaches. ii. Include testing from inside and outside the network. iii. Include testing to validate segmentation. iv. Include network layer, operating system, and application layer testing. 10.4 Logging and Monitoring a. Ascendo will work with cloud service providers for real-time logging of security information from applications and databases, servers, firewalls, routers, and intrusion detection system devices. Logs contain details on the date, time, source, and type of events (actions performed, object or account affected, etc.). Ascendo’s admin team reviews key reports daily and follows up on events, as necessary. b. Ascendo continuously monitors application, infrastructure, network, and data storage space and system performance on a 24X7 basis. c. Ascendo enabled System logging for end-user and administrator activity and is reviewed as necessary and updates executed by privileged system users. 10.5 DMZ a. When providing internet-based services and products to customers Ascendo shall protect customer’s information by the implementation of a network DMZ. Web servers providing service to customers shall reside in the DMZ. Any system or information resource storing customer’s information (such application and database servers) shall reside in a trusted internal network. 11. Next Gen Anti-Virus and Malware Controls Ascendo will use a system-centric approach to endpoint security that examines every process on every endpoint to algorithmically detect and block malicious tools, tactics, techniques, and procedures upon which attackers rely. All Ascendo desktops and laptops have next-gen anti-virus installed for virus and malware infections. Endpoint devices are scanned in real-time and a full system scan is performed weekly. Virus definition updates are pushed out to endpoint devices automatically from the anti-virus software central administration console as they become available. 12. Mobile and Portable Devices Not applicable at this time. 13. Human Resources & Third-Party Security a. New employees sign a confidentiality agreement and acknowledge security policies during the new employee onboarding process. b. Background checks are run in accordance with relevant laws and regulations. The background checks are commensurate to an individual's job duties and include at minimum social security verification and a criminal history check. c. Ascendo maintains a disciplinary process to take action against personnel that do not comply with company policies, including but not limited to, those put in place to meet its security, availability, and confidentiality commitments and requirements. d. Ascendo management team assesses the risk associated with new vendors (i.e., sub-vendors and/or sub-contractors) prior to onboarding and has an ongoing risk management process for existing vendors. e. Ascendo communicates security and confidentiality requirements and operational responsibilities to third parties (i.e., sub-vendors, 4th or 5th party, etc.) through contractual agreements. 14. Business Continuity 14.1 Business Continuity Management and Disaster Recovery Ascendo has a business continuity plan and a disaster recovery plan in place to manage significant disruptions to its operations and infrastructure. Ascendo will be able to resume the full performance of their contractual services in 72 hours. a. Management reviews, updates, and approves these plans annually. b. Exercises are conducted to test the response to a specific incident on a regular basis. 14.2 Backup Procedures Ascendo will provide the Products, Services, and/or Network (as applicable) in accordance with the following procedures to enhance security. Ascendo will: a. Ensure that customer data is backed up on a daily basis and backup is encrypted b. Store copies of customer data and data recovery procedures in a different place from where the primary computer equipment processing the customer data is located. c. Have specific procedures in place governing access to copies of customer data. d. Review data recovery procedures at least annually. 15. Physical & Environmental Security Ascendo uses third-party cloud service providers and as such the physical access is controlled by Amazon and Google. 16. Standard of Conduct Ascendo and any of its Representatives performing Services or providing Products on the customer’s premises or accessing the customer’s networks remotely shall comply with all of the customer’s security, supervision, and other standard procedures and policies as communicated to Ascendo and such Representatives. Appendix A - Glossary Term Definition Critical Security Patch A set of changes to a computer program to fix security vulnerabilities. Finding An issue related to an internal control review. Risk A potential situation where the system or data may be exposed to a cyber threat. Security Breach A security breach is any incident that results in unauthorized access to data, applications, services, networks, and/or devices by bypassing their underlying security mechanisms. Security Event A security event is a change in the everyday operations of a network or information technology service indicating that a security policy may have been violated or a security safeguard may have failed. Security Incident A security incident is an event that may indicate that an organization's systems or data have been compromised or that measures put in place to protect them have failed. Vulnerability A vulnerability is a weakness that can be exploited by a Threat Actor, such as an attacker, to perform unauthorized actions within a computer system. Terms of Service (“ Agreement ”) constitute a contract between Ascendo.AI (“Ascendo”), and you, the customer that has signed up for the Services and agreed to the terms of this Agreement (“ Customer ”). Ascendo wishes to provide and you wish to have the right to access pursuant to the terms of this Agreement, a subscription service. This Agreement includes and incorporates the Order Form with which you purchased the Services and any subsequent Order Forms (submitted in written or electronic form). By accessing or using the Services, you agree to be bound by this Agreement. If you are entering into this Agreement on behalf of a company, organization or other entity, you represent that you have such authority to bind such entity and are agreeing to this Agreement on behalf of such entity. If you do not have such authority to enter into this Agreement or do not agree with these terms and conditions, you may not use the Services. Ascendo Terms of Service Section 1: Definitions 1.1 The following terms, when used in this Agreement will have the following meanings: “Confidential Information” means any information or data disclosed by either party that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential in light of the nature of the information and the circumstances surrounding disclosure. However, “Confidential Information” will not include any information which (a) is in the public domain through no fault of receiving party; (b) was properly known to receiving party, without restriction, prior to disclosure by the disclosing party; (c) was properly disclosed to receiving party, without restriction, by another person with the legal authority to do so; or (d) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information. “Documentation” means the printed and digital instructions, online help files, technical documentation, and user manuals made available by Ascendo for the Services, which Ascendo may modify from time to time. “Order Form” means an invoice, order form, quote, or other similar document that sets forth the specific Services and pricing therefore, and that references this Agreement and is mutually executed by the parties. “Services” means the SaaS-based platform and Software products ordered by or made available to the Customer under an Order Form (collectively with the described services in the applicable Order Form or Documentation). “Software” means Ascendo proprietary software which may integrate with Customer’s Third-Party Services, network or applications, as provided in the Documentation and any updates, fixes, or patches developed from time to time. Section 2: Services 2.1 Provision of Ascendo Platform. Subject to the terms and conditions of this Agreement, Ascendo hereby grants Customer and its registered employees and contractors (“Users”) a non-exclusive, non-sublicensable, non-transferable license to use and access the Services. The Services are subject to modification from time to time at Ascendo’s sole discretion, provided the modifications do not materially diminish the functionality of the Services provided by Ascendo. 2.2 Data Security. Ascendo maintains a commercially reasonable security program that is designed to (i) ensure the security and integrity of Customer data uploaded by or on behalf of Customer to the Services (“Customer Data”); (ii) protect against threats or hazards to the security or integrity of Customer Data; and (iii) prevent unauthorized access to Customer Data. Solely if and to the extent Ascendo processes Customer Personal Data (as defined in the DPA) that is subject to the GDPR (as defined in the DPA), the GDPR Data Processing Addendum provided onhttps://www.ascendo.ai/security-standards will apply (“DPA”). Solely if and to the extent Ascendo processes Customer Personal Information (as defined in the CCPA Addendum) that is subject to the CCPA (as defined in the CCPA Addendum), the CCPA Addendum provided on, will apply. 2.3 Limitations. The rights granted herein are subject to the following restrictions (the “License Restrictions”). Customer will not directly or indirectly: (a) reverse engineer, decompile, disassemble, modify, create derivative works of or otherwise create, attempt to create or derive, or permit or assist any third party to create or derive, the source code, object code or underlying structures, ideas or algorithms of the Services or any data related to the Services; (b) attempt to probe, scan, or test the vulnerability of the Services, breach the security or authentication measures of the Services without proper authorization, or willfully render any part of the Services unusable; (c) use or access the Services to develop a product or service that is competitive with Ascendo’s products or Services or engage in competitive analysis or benchmarking; (d) share, transfer, distribute, resell, lease, license, or assign Services or otherwise offer the Services on a standalone basis; or (e) otherwise, use the Services outside the scope expressly permitted hereunder and in the applicable Order Form. 2.4 Ascendo reserves the right to suspend Customer’s (or any User’s) access to the Services immediately (i) in the event that Customer breaches this Section 2.3 or Section 4 of this Agreement, or breaches any other provision of this Agreement and fails to correct that breach within the applicable cure period; or (ii) as it deems reasonably necessary to respond to any actual or potential security or availability concern that may affect customers or Users. Customer Responsibilities. (a) Customer will only use the Services in accordance with the Documentation and as set forth in this Agreement. Customer acknowledges that Ascendo’s provision of the Services is dependent on Customer providing all reasonably required cooperation (including the prompt provision of access to Customer’s applications, software systems, personnel, cooperation, and materials as reasonably required and any other access as may be specified in the applicable Order Form), and Customer will provide all such cooperation in a diligent and timely manner. (b) Customer will (i) be responsible for all use of the Services under its account (whether or not authorized), (ii) use commercially reasonable efforts to prevent unauthorized access to or use of the Services and notify Ascendo promptly of any such unauthorized access or use and (iii) be responsible for obtaining and maintaining any equipment, software, and ancillary services needed to connect to, access or otherwise use the Services, including as set forth in the Documentation. The customer will be solely responsible for its failure to maintain such equipment, software, and services, and Ascendo will have no liability for such failure (including under any service level agreement, if applicable). In addition, the Customer will be responsible for ensuring that its systems (e.g., APIs) have sufficient bandwidth to use the Services. (c) Customer will not use the Services to transmit or provide to Ascendo any financial or medical information of any nature, or any sensitive personal data (e.g ., social security numbers, driver’s license numbers, birth dates, personal bank account numbers, passport or visa numbers, and credit card numbers). (d) Customer’s use of third-party products or services that are not licensed to Customer directly by Ascendo (“Third Party Services”) shall be governed solely by the terms and conditions applicable to such Third-Party Services, as agreed to between Customer and the third party. Ascendo does not endorse or support is not responsible for, and disclaims all liability with respect to Third Party Services, including without limitation, the privacy practices, data security processes, or other policies related to Third Party Services. The customer agrees to waive any claim against Ascendo with respect to any Third-Party Services. (e) Customer may enable integrations between the Services and Third-Party Services (each, an “Integration”). By enabling an Integration between the Services and its third-party Services, Customer is instructing Ascendo to share the Customer Data necessary to facilitate the Integration. The customer is responsible for providing any and all instructions to the Third-Party Service provider about the use and protection of Customer Data. Ascendo and Third-Party Service providers are not subprocessors of each other. (f) Customer acknowledges that the Services will require Users to share with Ascendo certain information which may include personal information regarding Users (such as usernames, passwords, email addresses and/or phone numbers) solely for the purposes of providing and improving the Services. Prior to authorizing an individual to become a User, Customer is fully responsible for obtaining the consent of that individual, in accordance with Applicable Law, to the use of his/her information by Ascendo AI, which use is described in Ascendo’s Services Privacy Notice, located at https://www.ascendo.ai/privacy. Customer represents and warrants that all such consents have been or will be obtained prior to authorizing any individual to become a User. (g) Customer will be fully responsible for Users’ compliance with this Agreement and any breach of this Agreement by a User shall be deemed to be a breach by Customer. Ascendo’s relationship is with Customer and not individual Users or third parties using the Services through Customer, and Customer will address all claims raised by its Users directly with Ascendo AI. Section 3: Fees 3.1 Fees. The Customer will pay Ascendo AI the fees set forth in the Order Form. Except as otherwise specified herein or in any applicable Order Form, (a) fees are quoted and payable in United States dollars and (b) payment obligations are non-cancelable and non-pro-ratable for partial months, and fees paid are non-refundable. Ascendo reserves the right to change the fees or applicable charges and to institute new charges and fees at the end of the initial term, as specified in the Order Form, or then-current renewal term, upon thirty (30) days prior notice to Customer (which may be sent by email). 3.2 Late Payment. Ascendo may suspend access to the Services immediately upon notice if the Customer fails to pay any amounts hereunder at least fifteen (15) days past the applicable due date. 3.3 Taxes. All amounts payable hereunder are exclusive of any sales, use, and other taxes or duties, however designated (collectively “Taxes”). The Customer will be solely responsible for payment of all Taxes, except for those taxes based on the income of Ascendo. The Customer will not withhold any taxes from any amounts due to Ascendo. Section 4: Proprietary Rights and Confidentiality 4.1 Proprietary Rights. As between the parties, Ascendo exclusively owns all rights, title, and interest in and to the Services and Ascendo’s Confidential Information, and Customer exclusively owns all rights, title, and interest in and to the Customer Data and Customer’s Confidential Information. 4.2 Feedback. Customers may from time to time provide Ascendo suggestions or comments for enhancements or improvements, new features or functionality, or other feedback (“Feedback ”) with respect to the Services. Ascendo will have full discretion to determine whether or not to proceed with the development of any requested enhancements, new features, or functionality. Ascendo will have the full, unencumbered right, without any obligation to compensate or reimburse the Customer, to use, incorporate, and otherwise fully exercise and exploit any such Feedback in connection with its products and services. 4.3 Confidentiality. Each party agrees that it will use the Confidential Information of the other party solely in accordance with the provisions of this Agreement and it will not disclose, or permit to be disclosed, the same directly or indirectly, to any third party without the other party’s prior written consent, except as otherwise permitted hereunder. However, either party may disclose Confidential Information (a) to its employees, officers, directors, attorneys, auditors, financial advisors, and other representatives who have a need to know and are legally bound to keep such information confidential by confidentiality obligations consistent with those of this Agreement; and (b) as required by law (in which case the receiving party will provide the disclosing party with prior written notification thereof, will provide the disclosing party with the opportunity to contest such disclosure, and will use its reasonable efforts to minimize such disclosure to the extent permitted by applicable law. Neither party will disclose the terms of this Agreement to any third party, except that Ascendo may confidentially disclose such terms to actual or potential lenders, investors, or acquirers. Each party agrees to exercise due care in protecting Confidential Information from unauthorized use and disclosure. In the event of an actual or threatened breach of the provisions of this Section or the License Restrictions, the non-breaching party will be entitled to seek immediate injunctive and other equitable relief, without waiving any other rights or remedies available to it. Each party will promptly notify the other in writing if it becomes aware of any violations of the confidentiality obligations set forth in this Agreement. 4.4 Machine Learning and Aggregation. The Customer acknowledges that a fundamental component of the Services is the use of data aggregation and machine learning for the purpose of improving and providing Ascendo’s products and services. Notwithstanding anything to the contrary, Customer agrees that Ascendo is hereby granted the right to use (during and after the term hereof) information submitted using the Services to aggregate personally identifiable information and de-identify such information, including information related to vendors and train its algorithms internally through machine learning techniques for such purpose. 4.5 Performance Metrics. Customer agrees that Ascendo has the right to aggregate, collect, and analyze data and other information relating to the access or use of the Services by or on behalf of Customer or any User, including any performance, analytics, or statistical data and shall be free (during and after the term hereof) to (i) use such data and other information to improve Ascendo’s products and services, and (ii) disclose such data and other information solely in an aggregated and de-identified format. Section 5: Warranties and Disclaimers 5.1 Ascendo. Ascendo represents and warrants that it will not knowingly include, in the Services released to Users and provided to Customer hereunder, any computer code or other computer instructions, devices, or techniques, including without limitation those known as viruses, disabling devices, trojans, or time bombs, that intentionally disrupt, disable, harm, infect, defraud, damage, or otherwise impede in any manner, the operation of a network, computer program or computer system or any component thereof, including its security or User data. If, at any time, Ascendo fails to comply with the warranty in Section 5 .1, Customer may promptly notify Ascendo in writing of any such noncompliance. Ascendo will, within 30 days of receipt of such written notification, either correct the noncompliance or provide Customer with a plan for correcting the noncompliance. If the noncompliance is not corrected or if a reasonably acceptable correction plan is not established during such period, Customer may terminate this Agreement and receive a refund of any pre-paid but unearned subscription fees, prorated on a monthly basis, as its sole and exclusive remedy for such noncompliance. This provision does not apply to the Customer’s use of free Services. 5.2 Customer. Customer warrants that it has all rights necessary to provide any information, data or other materials that it provides hereunder, and to permit Ascendo to use the same as contemplated hereunder. 5.3 DISCLAIMERS. EXCEPT AS EXPRESSLY SET FORTH HEREIN, EACH PARTY DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, TITLE, NON- INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. THE CUSTOMER ACKNOWLEDGES THAT THE SERVICES ARE BASED ON PREDICTIVE STATISTICAL MODELS, AND ARE INTENDED TO AUGMENT THE EFFICIENCY OF, BUT NOT REPLACE, CUSTOMER’S IT HELPDESK. THE SERVICES MAY CONTAIN BUGS, MAKE ERRORS, OR MISINTERPRET IT ISSUES, AND IN SUCH CASES ASCENDO CAN DISENGAGE ANY FUNCTIONALITY OF THE SERVICES AT THE CUSTOMER’S REQUEST. ASCENDO DOES NOT REPRESENT OR WARRANT THAT ANY OR ALL IT HELPDESK TICKETS WILL BE RESOLVED OR THAT HUMAN INTERVENTION WILL NOT BE REQUIRED TO RESOLVE AN IT HELPDESK TICKET. 5.4 BETA PRODUCTS. FROM TIME TO TIME, CUSTOMERS MAY HAVE THE OPTION TO PARTICIPATE IN A PROGRAM WITH ASCENDO WHERE CUSTOMER GETS TO USE ALPHA OR BETA PRODUCTS, FEATURES, OR DOCUMENTATION (COLLECTIVELY, “BETA PRODUCTS”) OFFERED BY ASCENDO. THE BETA PRODUCTS ARE NOT GENERALLY AVAILABLE AND ARE PROVIDED “AS IS”. ASCENDO DOES NOT PROVIDE ANY INDEMNITIES, SERVICE LEVEL COMMITMENTS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE, IN RELATION THERETO. CUSTOMERS OR ASCENDO MAY TERMINATE THE CUSTOMER’S ACCESS TO THE BETA PRODUCTS AT ANY TIME. Section 6: Indemnification 6.1 Indemnity by Ascendo. Ascendo will defend Customer against any claim, demand, suit, or proceeding (“ Claim ”) made or brought against Customer by a third party alleging that the use of the Services as permitted hereunder infringes a United States patent or copyright or misappropriates a trade secret and will indemnify Customer for any damages finally awarded against (or any settlement approved by Ascendo) Customer in connection with any such Claim; provided that (a) Customer will promptly notify Ascendo of such Claim, (b) Ascendo will have the sole and exclusive authority to defend and/or settle any such Claim (provided that Ascendo may not settle any Claim without Customer’s prior written consent, which will not be unreasonably withheld unless it unconditionally releases Customer of all related liability) and (c) Customer reasonably cooperates with Ascendo in connection therewith. If the use of the Services by Customer has become, or in Ascendo’s opinion is likely to become, the subject of any claim of infringement, Ascendo may at its option and expense (i) procure for Customer the right to continue using and receiving the Services as set forth hereunder; (ii) replace or modify the Services to make it non-infringing (with comparable functionality); or (iii) if the options in clauses (i) or (ii) are not reasonably practicable, terminate this Agreement and provide a pro-rata refund of any prepaid fees corresponding to the terminated portion of the applicable subscription term. Ascendo will have no liability or obligation with respect to any Claim if such Claim is caused in whole or in part by (A) compliance with designs, guidelines, plans, or specifications provided by Customer; (B) use of the Services by Customer not in accordance with this Agreement; (C) modification of the Services by any party other than Ascendo without Ascendo’s express consent; (D) Customer Confidential Information or (E) the combination, operation or use of the Services with other applications, portions of applications, product(s) or services where the Services would not by itself be infringing (clauses (A) through (E), “ Excluded Claims ”). This Section states Ascendo’s sole and exclusive liability and obligation, and Customer’s exclusive remedy, for any claim of any nature related to infringement or misappropriation of intellectual property. 6.2 Indemnification by Customer. Customer will defend Ascendo against any Claim made or brought against Ascendo by a third party arising out of the (i) Customer breach of any laws or regulations (including with respect to privacy); (ii) Customer’s or any User's use of the Services; (iii) Customer’s violation of any agreements it has with any User; or (iv) Excluded Claims, and Customer will indemnify Ascendo for any damages finally awarded against (or any settlement approved by Customer) Ascendo in connection with any such Claim; provided that (a) Ascendo will promptly notify Customer of such Claim, (b) Customer will have the sole and exclusive authority to defend and/or settle any such Claim (provided that Customer may not settle any Claim without Ascendo’s prior written consent, which will not be unreasonably withheld unless it unconditionally releases Ascendo of all liability) and (c) Ascendo reasonably cooperates with Customer in connection therewith. Section 7: Limitation of Liability UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, WILL EITHER PARTY BE LIABLE TO THE OTHER UNDER THIS AGREEMENT FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES OF ANY CHARACTER, INCLUDING DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOST SALES OR BUSINESS, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, LOST CONTENT OR DATA, EVEN IF A REPRESENTATIVE OF SUCH PARTY HAS BEEN ADVISED, KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) EXCLUDING A PARTY’S INDEMNIFICATION OBLIGATIONS OR THE BREACH OF SECTION 2.3 (LIMITATIONS), SECTION 2.4 (CUSTOMER RESPONSIBILITIES) OR SECTION 3 (FEES), ANY DIRECT DAMAGES, COSTS, OR LIABILITIES IN EXCESS OF THE AMOUNTS PAID BY CUSTOMER UNDER THE APPLICABLE ORDER FORM DURING THE TWELVE (12) MONTHS PRECEDING THE INCIDENT OR CLAIM. Section 8: Termination 8.1 Term. The term of this Agreement will commence on the effective date of the initial Order Form and continue until terminated as set forth below. The initial term of each Order Form will begin on the Order Form effective date of such Order Form and will continue for the subscription term set forth therein. Except as set forth in such Order Form, the term of such Order Form will automatically renew for successive renewal terms equal to the length of the initial term of such Order Form, unless either party provides the other party with written notice of non-renewal at least thirty (30) days prior to the end of the then-current term. 8.2 Termination. Each party may terminate this Agreement upon written notice to the other party if there are no Order Forms then in effect. Each party may also terminate this Agreement or the applicable Order Form upon written notice in the event (a) the other party commits any material breach of this Agreement or the applicable Order Form and fails to remedy such breach within thirty ( 3 0) days after written notice of such breach or (b) subject to applicable law, upon the other party’s liquidation, commencement of dissolution proceedings or assignment of substantially all its assets for the benefit of creditors, or if the other party become the subject of bankruptcy or similar proceeding that is not dismissed within sixty (60) days. 8.3 Survival. Upon termination of this Agreement, all rights and obligations will immediately terminate except that any terms or conditions that by their nature should survive such termination will survive, including the License Restrictions and terms and conditions relating to proprietary rights and confidentiality, disclaimers, indemnification, limitations of liability and termination and the general provisions below. Section 9: General 9.1 Export Compliance. Each party will comply with the export laws and regulations of the United States, European Union, and other applicable jurisdictions in providing and using the Services. 9.2 Publicity. Customer agrees that Ascendo may refer to Customer’s name and trademarks in Ascendo’s marketing materials and website; however, Ascendo will not use Customer’s name or trademarks in any other publicity (e.g., press releases, customer references, and case studies) without Customer’s prior written consent (which may be by email). 9.3 Assignment; Delegation. Neither party hereto may assign or otherwise transfer this Agreement, in whole or in part, without the other party’s prior written consent, except that either party may assign this Agreement without consent to a successor to all or substantially all of its assets or business related to this Agreement. Any attempted assignment, delegation, or transfer by either party in violation hereof will be null or void. Subject to the foregoing, this Agreement will be binding on the parties and their successors and assigns. 9.4 Amendment; Waiver. No amendment or modification to this Agreement, nor any waiver of any rights hereunder, will be effective unless assented to in writing by both parties. Any such waiver will be only to the specific provision and under the specific circumstances for which it was given and will not apply with respect to any repeated or continued violation of the same provision or any other provision. Failure or delay by either party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision. 9.5 Relationship. Nothing contained herein will in any way constitute any association, partnership, agency, employment, or joint venture between the parties hereto, or be construed to evidence the intention of the parties to establish any such relationship. Neither party will have the authority to obligate or bind the other in any manner, and nothing herein contained will give rise or is intended to give rise to any rights of any kind to any third parties. 9.6 Unenforceability. If a court of competent jurisdiction determines that any provision of this Agreement is invalid, illegal, or otherwise unenforceable, such provision will be enforced as nearly as possible in accordance with the stated intention of the parties, while the remainder of this Agreement will remain in full force and effect and bind the parties according to its terms. 9.7 Governing Law. This Agreement will be governed by the laws of the State of California, exclusive of its rules governing choice of law and conflict of laws. This Agreement will not be governed by the United Nations Convention on Contracts for the International Sale of Goods. 9.8 Notices. Any notice required or permitted to be given hereunder will be given in writing by personal delivery, certified mail, return receipt requested, or by overnight delivery. Ascendo may provide notice using the information provided in the most recent Order Form and Customer may provide notice using the contact information provided on https://www.ascendo.ai . 9.9 Entire Agreement. This Agreement comprises the entire agreement between Customer and Ascendo with respect to its subject matter and supersedes all prior and contemporaneous proposals, statements, sales materials, or presentations and agreements (oral and written). No oral or written information or advice given by Ascendo, its agents, or employees will create a warranty or in any way increase the scope of the warranties in this Agreement. In the event of any conflict between this Agreement and the DPA or CCPA Addendum, the DPA and/or CCPA Addendum, as applicable, will govern 9.10 Force Majeure . Neither Party will be deemed in breach hereunder for any cessation, interruption, or delay in the performance of its obligations due to causes beyond its reasonable control (“ Force Majeure Event ”), including earthquake, flood, or other natural disasters, act of God, labor controversy, civil disturbance, terrorism, war (whether or not officially declared), cyber-attacks (e.g., denial of service attacks), or the inability to obtain sufficient supplies, transportation, or other essential commodity or service required in the conduct of its business, or any change in or the adoption of any law, regulation, judgment or decree. 9.11 Government Terms. Ascendo provides the Services, including related software and technology, for ultimate federal government end use solely in accordance with the terms of this Agreement. If Customer (or any of its customers) is an agency, department, or other entity of any government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Services, or any related documentation of any kind, including technical data, software, and manuals, is restricted by the terms of this Agreement. All other use is prohibited and no rights than those provided in this Agreement are conferred. The Services were developed fully at private expense. 9.12 Interpretation. For purposes hereof, “including” means “including without limitation”. Last Updated: May 17, 2023 Register now Submit First Name Last Name Email Company Name Thanks for submitting! Ascendo.AI Subprocessors Please register to be notified of any changes to the Subprocessor list on this page. If a change occurs, you will receive an email to the address that you provide. Subprocessor Policy Last Updated: June 2, 2023 Ascendo.AI may engage the following entities to process personal data that you include in your use of Ascendo.AI’s Cloud Services: Cloud Providers Data Types Description of Processing Third-Party Entity Google, Inc. Cloud Provider Ascendo.AI, runs on top of GCP. These cloud providers host the personal data you store in the Cloud Services. Cloud Provider MongoDB, Inc. Cloud Provider DB Headquartered Location Data Types Description of Processing Third-Party Entity To provide support and perform other service functions, we may also engage the following entities to process personal data on your behalf: Other Third-Party Subprocessor Twilio, Inc. 2FA and SMS Alerts If you turn on two-factor authentication or SMS alerts, Twilio receives basic info to provide you authentication codes and text alerts (e.g., phone number). San Francisco, CA Slack Technologies Support Channel If you engage in Support via Slack receives basic Contact info( e.g., name, email address). San Francisco, CA Google Inc. Email Support If you engage in email support via Gmail, Google receives basic contact info (e.g., name, email address). If you include other personal data in your support emails (e.g., snippets of database logs, query outputs, etc.), this information would also be processed by Google Mountain View, CA Affiliates Ascendo.AI may engage the following entities to process personal data that you include in your use of Ascendo.AI’s Cloud Services: Location Affiliate Entity Ascendo.AI, Inc. United States MongoDB.Inc Cloud Provider DB These cloud providers host all the data you store in the Cloud Services Google, Inc. Cloud Provider Ascendo.AI, runs on top of GCP.These cloud providers host the personal data you store in the Cloud Services. Ascendo.AI, runs on top of GCP. These cloud providers host the personal data you store in the Cloud Services. MongoDB, Inc. These cloud providers host all the data you store in the Cloud Services Third-Party Entity Description of Processing Slack Technologies Cloud Provider Ascendo.AI, runs on top of GCP. These cloud providers host the personal data you store in the Cloud Services. Support Channel Twilio, Inc. 2FA and SMS Alerts Google, Inc. Email Support Data Types Slack Technologies Cloud Provider Ascendo.AI, runs on top of GCP. These cloud providers host the personal data you store in the Cloud Services. If you engage in Support via Slack receives basic Contact info( e.g., name, email address). Twilio, Inc. If you turn on two-factor authentication or SMS alerts, Twilio receives basic info to provide you authentication codes and text alerts (e.g., phone number). Google, Inc. If you engage in email support via Gmail, Google receives basic contact info (e.g., name, email address). If you include other personal data in your support emails (e.g., snippets of database logs, query outputs, etc.), this information would also be processed by Google. Headquartered Location Slack Technologies Cloud Provider Ascendo.AI, runs on top of GCP. These cloud providers host the personal data you store in the Cloud Services. San Francisco, CA Twilio, Inc. Google, Inc. Mountain View, CA San Francisco, CA Last updated at " June 2rd 2023 Last updated at " June 2rd 2023 Data Processing Agreement and its Annexes (“DPA”) reflect the parties’ agreement with respect to the Processing of Personal Data by us on behalf of you in connection with the Ascendo Services under the Ascendo Customer Terms of Service available at Terms | Ascendo | Ascendo Terms of Service between you and us (also referred to in this DPA as the “Agreement”). This DPA is supplemental to, and forms an integral part of, the Agreement and is effective upon its incorporation into the Agreement, which may be specified in the Agreement, an Order Form, or an executed amendment to the Agreement. In case of any conflict or inconsistency with the terms of the Agreement, this DPA will take precedence over the terms of the Agreement to the extent of such conflict or inconsistency. The term of this DPA will follow the term of the Agreement. Terms not otherwise defined in this DPA will have the meaning as set forth in the Agreement. 1. Definitions “California Personal Information” means Personal Data that is subject to the protection of the CCPA. "CCPA" means California Civil Code Sec. 1798.100 et seq. (also known as the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 or "CPRA"). "Consumer", "Business", "Sell", "Service Provider", and "Share" will have the meanings given to them in the CCPA. “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. “Data Protection Laws” means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of Processing Personal Data in question under the Agreement, including without limitation European Data Protection Laws, the CCPA and other applicable U.S. federal and state privacy laws, and the data protection and privacy laws of Australia, Singapore, and Japan, in each case as amended, repealed, consolidated or replaced from time to time; with regard to Ascendo.AI, Data Protection Laws exclude laws governing Sensitive Information, as defined in the General Terms. “Data Subject” means the individual to whom Personal Data relates. "Europe" means the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom. “European Data” means Personal Data that is subject to the protection of European Data Protection Laws. "European Data Protection Laws" means data protection laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) ("GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iii) GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"); and (iv) Swiss Federal Data Protection Act on 19 June 1992 and its Ordinance ("Swiss DPA"); in each case, as may be amended, superseded or replaced. “Instructions” means the written, documented instructions issued by a Controller to a Processor, and directing the same to perform a specific or general action with regard to Personal Data (including, but not limited to, depersonalizing, blocking, deletion, making available). "Permitted Affiliates" means any of your Affiliates that (i) are permitted to use the Subscription Services pursuant to the Agreement, but have not signed their own separate agreement with us and are not a “Customer” as defined under the Agreement, (ii) qualify as a Controller of Personal Data Processed by us, and (iii) are subject to European Data Protection Laws. “Personal Data” means any information relating to an identified or identifiable individual where (i) such information is contained within Customer Data; and (ii) is protected similarly as personal data, personal information, or personally identifiable information under applicable Data Protection Laws. “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by us and/or our Sub-Processors in connection with the provision of the Subscription Services. "Personal Data Breach" will not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems. "Privacy Shield" means the EU-U.S. and Swiss-US Privacy Shield self-certification program operated by the U.S. Department of Commerce and approved by the European Commission pursuant to its Decision of July 12, 2016, and by the Swiss Federal Council on January 11, 2017, respectively; as may be amended, superseded or replaced. "Privacy Shield Principles" means the Privacy Shield Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision of July 12, 2016; as may be amended, superseded, or replaced. “Processing” means any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Data. The terms “Process”, “Processes” and “Processed” will be construed accordingly. “Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller. “Standard Contractual Clauses” means the standard contractual clauses annexed to the European Commission’s Decision (EU) 2021/914 of 4 June 2021 currently found at https://eur-lex.europa.eu/eli/dec_impl/2021/914 , as may be amended, superseded or replaced. “Sub-Processor” means any Processor engaged by us or our Affiliates to assist in fulfilling our obligations with respect to the provision of the Subscription Services under the Agreement. Sub-Processors may include third parties or our Affiliates but will exclude any Ascendo.AI employee or consultant. “UK Addendum” means the International Data Transfer Addendum issued by the UK Information Commissioner under section 119A (1) of the Data Protection Act 2018 currently found at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf , as may be amended, superseded, or replaced. 2. Customer Responsibilities a. Compliance with Laws. Within the scope of the Agreement and in its use of the services, you will be responsible for complying with all requirements that apply to it under applicable Data Protection Laws with respect to its Processing of Personal Data and the Instructions it issues to us. In particular but without prejudice to the generality of the foregoing, you acknowledge and agree that you will be solely responsible for: (i) the accuracy, quality, and legality of Customer Data and the means by which you acquired Personal Data; (ii) complying with all necessary transparency and lawfulness requirements under applicable Data Protection Laws for the collection and use of the Personal Data, including obtaining any necessary consents and authorizations (particularly for use by Customer for marketing purposes); (iii) ensuring you have the right to transfer, or provide access to, the Personal Data to us for Processing in accordance with the terms of the Agreement (including this DPA); (iv) ensuring that your Instructions to us regarding the Processing of Personal Data comply with applicable laws, including Data Protection Laws; and (v) complying with all laws (including Data Protection Laws) applicable to any emails or other content created, sent or managed through the Subscription Services, including those relating to obtaining consents (where required) to send emails, the content of the emails and its email deployment practices. You will inform us without undue delay if you are not able to comply with your responsibilities under this 'Compliance with Laws' section or applicable Data Protection Laws. b. Controller Instructions. The parties agree that the Agreement (including this DPA), together with your use of the Subscription Service in accordance with the Agreement, constitute your complete Instructions to us in relation to the Processing of Personal Data, so long as you may provide additional instructions during the subscription term that are consistent with the Agreement, the nature and lawful use of the Subscription Service. c. Security. You are responsible for independently determining whether the data security provided for in the Subscription Service adequately meets your obligations under applicable Data Protection Laws. You are also responsible for your secure use of the Subscription Service, including protecting the security of Personal Data in transit to and from the Subscription Service (including to securely backup or encrypt any such Personal Data). 3. Ascendo.AI Obligations a. Compliance with Instructions. We will only Process Personal Data for the purposes described in this DPA or as otherwise agreed within the scope of your lawful Instructions, except where and to the extent otherwise required by applicable law. We are not responsible for compliance with any Data Protection Laws applicable to you or your industry that are not generally applicable to us. b. Conflict of Laws. If we become aware that we cannot Process Personal Data in accordance with your Instructions due to a legal requirement under any applicable law, we will (i) promptly notify you of that legal requirement to the extent permitted by the applicable law; and (ii) where necessary, cease all Processing (other than merely storing and maintaining the security of the affected Personal Data) until such time as you issue new Instructions with which we are able to comply. If this provision is invoked, we will not be liable to you under the Agreement for any failure to perform the applicable Subscription Services until such time as you issue new lawful Instructions with regard to the Processing. c. Security. We will implement and maintain appropriate technical and organizational measures to protect Personal Data from Personal Data Breaches, as described under Annex 2 to this DPA ("Security Measures"). Notwithstanding any provision to the contrary, we may modify or update the Security Measures at our discretion provided that such modification or update does not result in a material degradation in the protection offered by the Security Measures. d. Confidentiality. We will ensure that any personnel whom we authorize to Process Personal Data on our behalf is subject to appropriate confidentiality obligations (whether a contractual or statutory duty) with respect to that Personal Data. e. Personal Data Breaches. We will notify you without undue delay after we become aware of any Personal Data Breach and will provide timely information relating to the Personal Data Breach as it becomes known or reasonably requested by you. At your request, we will promptly provide you with such reasonable assistance as necessary to enable you to notify relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, if you are required to do so under Data Protection Laws. f. Deletion or Return of Personal Data. We will delete or return all Customer Data, including Personal Data (including copies thereof) Processed pursuant to this DPA, on termination or expiration of your Subscription Service in accordance with the procedures set out in our Product Specific Terms. This term will apply except where we are required by applicable law to retain some or all of the Customer Data, or where we have archived Customer Data on back-up systems, which data we will securely isolate and protect from any further Processing and delete in accordance with our deletion practices. You may request the deletion of your Ascendo.AI account after the expiration or termination of your subscription by sending a request to policy@ascendo.ai We strongly recommend retrieving your Customer Data prior to the end of your Subscription. If you need help retrieving your Customer Data during the Subscription Term, we will provide reasonable assistance to you, at your cost, and in accordance with the ‘Confidentiality’ section of the General Terms . 4. Data Subject Requests The Subscription Service provides you with a number of controls that you can use to retrieve, correct, delete or restrict Personal Data, which you can use to assist it in connection with its obligations under Data Protection Laws, including your obligations relating to responding to requests from Data Subjects to exercise their rights under applicable Data Protection Laws ("Data Subject Requests"). To the extent that you are unable to independently address a Data Subject Request through the Subscription Service, then upon your written request we will provide reasonable assistance to you to respond to any Data Subject Requests or requests from data protection authorities relating to the Processing of Personal Data under the Agreement. You will reimburse us for the commercially reasonable costs arising from this assistance. If a Data Subject Request or other communication regarding the Processing of Personal Data under the Agreement is made directly to us, we will promptly inform you and, will advise the Data Subject to submit their request to you. You will be solely responsible for responding substantively to any such Data Subject Requests or communications involving Personal Data. 5. Sub-Processor You agree we may engage Sub-Processors to Process Personal Data on your behalf, and we do so in three ways. First, we may engage Sub-Processors to assist us with hosting and infrastructure. Second, we may engage with Sub-Processors to support product features and integrations. Third, we may engage with Ascendo.AI Affiliates as Sub-Processors for service and support. Some Sub-Processors will apply to you as default, and some Sub-Processors will apply only if you opt in. We have currently appointed, as Sub-Processors, the third parties and Ascendo.AI Affiliates listed in Annex 3 to this DPA. You may subscribe to receive notifications by email if we add or replace any Sub-Processors by completing the form available at here If you opt-in to receive such email, we will notify you at least 30 days prior to any such change. We will give you the opportunity to object to the engagement of new Sub-Processors on reasonable grounds relating to the protection of Personal Data within 30 days of notifying you. If you do notify us of such an objection, the parties will discuss your concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, we will, at our sole discretion, either not appoint the new Sub-Processor, or permit you to suspend or terminate the affected Subscription Service in accordance with the termination provisions of the Agreement without liability to either party (but without prejudice to any fees incurred by you prior to suspension or termination). The parties agree that by complying with this sub-section, Ascendo.AI fulfills its obligations under Section 9 of the Standard Contractual Clauses. Where we engage Sub-Processors, we will impose data protection terms on the Sub-Processors that provide at least the same level of protection for Personal Data as those in this DPA (including, where appropriate, the Standard Contractual Clauses), to the extent applicable to the nature of the services provided by such Sub-Processors. We will remain responsible for each Sub-Processor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-Processor that cause us to breach any of its obligations under this DPA. 6. Data Transfers You acknowledge and agree that we may access and Process Personal Data on a global basis as necessary to provide the Subscription Service in accordance with the Agreement, and in particular that Personal Data may be transferred to and Processed by Ascendo.AI, Inc. in the United States and to other jurisdictions where Ascendo.AI Affiliates and Sub-Processors have operations. Wherever Personal Data is transferred outside its country of origin, each party will ensure such transfers are made in compliance with the requirements of Data Protection Laws. 7. Demonstration of Compliance We will make all information reasonably necessary to demonstrate compliance with this DPA available to you and allow for and contribute to audits, including inspections conducted by you or your auditor in order to assess compliance with this DPA, where required by applicable law. You acknowledge and agree that you will exercise your audit rights under this DPA and Clause 8.9 of the Standard Contractual Clauses by instructing us to comply with the audit measures described in this 'Demonstration of Compliance' section. You acknowledge that the Subscription Service is hosted by our hosting Sub-Processors who maintain independently validated security programs (including SOC 2) and that our systems are audited annually as part of SOC 2 compliance and regularly tested by independent third-party penetration testing firms. Upon request, we will supply (on a confidential basis) our SOC 2 report and summary copies of our penetration testing report(s) to you so that you can verify our compliance with this DPA. Further, at your written request, we will provide written responses (on a confidential basis) to all reasonable requests for information made by you necessary to confirm our compliance with this DPA, provided that you will not exercise this right more than once per calendar year unless you have reasonable grounds to suspect non-compliance with the DPA. 8. Additional Provisions for European Data a. Scope. This 'Additional Provisions for European Data' section will apply only with respect to European Data. b. Roles of the Parties. When Processing European Data in accordance with your Instructions, the parties acknowledge and agree that you are the Controller of European Data and we are the Processor. c. Instructions. If we believe that your Instruction infringes European Data Protection Laws (where applicable), we will inform you without delay. d. Sub-Processor Agreements. For the purposes of Clause 9(c) of the Standard Contractual Clauses, you acknowledge that we may be restricted from disclosing Sub-Processor agreements but we will use reasonable efforts to require any Sub-Processor we appoint to permit it to disclose the Sub-Processor agreement to you and will provide (on a confidential basis) all information we reasonably can. e. Data Protection Impact Assessments and Consultation with Supervisory Authorities. To the extent that the required information is reasonably available to us, and you do not otherwise have access to the required information, we will provide reasonable assistance to you with any data protection impact assessments, and prior consultations with supervisory authorities (for example, the French Data Protection Agency (CNIL), the Berlin Data Protection Authority (BlnBDI) and the UK Information Commissioner's Office (ICO)) or other competent data privacy authorities to the extent required by European Data Protection Laws. f. Transfer Mechanisms for Data Transfers. (A) Ascendo.AI will not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws) unless it first takes all such measures as are necessary to ensure the transfer is in compliance with applicable European Data Protection Laws. Such measures may include (without limitation) transferring such data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with European Data Protection Laws, or to a recipient that has executed appropriate standard contractual clauses in each case as adopted or approved in accordance with applicable European Data Protection Laws. (B) You acknowledge that in connection with the performance of the Subscription Services, Ascendo.AI, Inc. is a recipient of European Data in the United States. Subject to sub-sections (C) and (D), the parties agree that the Standard Contractual Clauses will be incorporated by reference and form part of the Agreement as follows: (a) EEA Transfers. In relation to European Data that is subject to the ⁠GDPR (i) Customer is the "data exporter" and Ascendo.AI, Inc. is the "data importer"; (ii) the Module Two terms apply to the extent the Customer is a Controller of European Data and the Module Three terms apply to the extent the Customer is a Processor of European Data; (iii) in Clause 7, the optional docking clause applies; (iv) in Clause 9, Option 2 applies and changes to Sub-Processors will be notified in accordance with the ‘Sub-Processors’ section of this DPA; (v) in Clause 11, the optional language is deleted; (vi) in Clauses 17 and 18, the parties agree that the governing law and forum for disputes for the Standard Contractual Clauses will be determined in accordance with the 'Contracting Entity; Applicable Law; Notice’ section of the Jurisdiction Specific Terms or, if such section does not specify an EU Member State, the Republic of Ireland (without reference to conflicts of law principles); (vii) the Annexes of the Standard Contractual Clauses will be deemed completed with the information set out in the Annexes of this DPA; and (viii) if and to the extent the Standard Contractual Clauses conflict with any provision of this DPA the Standard Contractual Clauses will prevail to the extent of such conflict. (b) UK Transfers. In relation to European Data that is subject to the UK GDPR, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications (i) the Standard Contractual Clauses will be modified and interpreted in accordance with the UK Addendum, which will be incorporated by reference and form an integral part of the Agreement; (ii) Tables 1, 2 and 3 of the UK Addendum will be deemed completed with the information set out in the Annexes of this DPA and Table 4 will be deemed completed by selecting “neither party”; and (iii) any conflict between the terms of the Standard Contractual Clauses and the UK Addendum will be resolved in accordance with Section 10 and Section 11 of the UK Addendum. (c) Swiss Transfers. In relation to European Data that is subject to the Swiss DPA, the Standard Contractual Clauses will apply in accordance with subsection (a), and the following modifications (i) references to "Regulation (EU) 2016/679" will be interpreted as references to the Swiss DPA; (ii) references to "EU", "Union" and "Member State law" will be interpreted as references to Swiss law; and (iii) references to the "competent supervisory authority" and "competent courts" will be replaced with the "the Swiss Federal Data Protection and Information Commissioner " and the "relevant courts in Switzerland". (C) Where the Ascendo.AI contracting entity under the Agreement is not Ascendo.AI, Inc., such contracting entity (not Ascendo.AI, Inc.) will remain fully and solely responsible and liable to you for the performance of the Standard Contractual Clauses by Ascendo.AI, Inc., and you will direct any instructions, claims or enquiries in relation to the Standard Contractual Clauses to such contracting entity. If Ascendo.AI cannot comply with its obligations under the Standard Contractual Clauses or is breach of any warranties under the Standard Contractual Clauses or UK Addendum (as applicable) for any reason, and you intend to suspend the transfer of European Data to Ascendo.AI or terminate the Standard Contractual Clauses ,or UK Addendum, you agree to provide us with reasonable notice to enable us to cure such non-compliance and reasonably cooperate with us to identify what additional safeguards, if any, may be implemented to remedy such non-compliance. If we have not or cannot cure the non-compliance, you may suspend or terminate the affected part of the Subscription Service in accordance with the Agreement without liability to either party (but without prejudice to any fees you have incurred prior to such suspension or termination). (D) Although Ascendo.AI, Inc. does not currently rely on the EU-US Privacy Shield as a legal basis for transfers of European Data in light of the judgment of the Court of Justice of the EU in Case C-311/18, for as long as Ascendo.AI, Inc. is self-certified to the Privacy Shield Ascendo.AI, Inc will process European Data in compliance with the Privacy Shield Principles and let you know if it is unable to comply with this requirement. In the event that Ascendo.AI adopts an alternative transfer mechanism (including any new or successor version of the EU-US Privacy Shield) for transfers of European Data to Ascendo.AI, Inc., such alternative transfer mechanism will apply automatically instead of the Standard Contractual Clauses described in this DPA (but only to the extent such alternative transfer mechanism complies with European Data Protection Laws), and you agree to execute such other documents or take such action as may be reasonably necessary to give legal effect such alternative transfer mechanism. 9. Additional Provisions for California Personal Information a. Scope. The 'Additional Provisions for California Personal Information' section of the DPA will apply only with respect to California Personal Information. b. Roles of the Parties. When processing California Personal Information in accordance with your Instructions, the parties acknowledge and agree that you are a Business and we are a Service Provider for the purposes of the CCPA. c. Responsibilities. We certify that we will Process California Personal Information as a Service Provider strictly for the purpose of performing the Subscription Services and Consulting Services under the Agreement (the "Business Purpose") or as otherwise permitted by the CCPA, including as described in the 'Usage Data' section of our Privacy Policy. Further, we certify we i) will not Sell or Share California Personal Information; (ii) will not Process California Personal Information outside the direct business relationship between the parties, unless required by applicable law; and (iii) will not combine the California Personal Information included in Customer Data with personal information that we collect or receive from another source (other than information we receive from another source in connection with our obligations as a Service Provider under the Agreement). d. Compliance. We will (i) comply with obligations applicable to us as a Service Provider under the CCPA and (ii) provide California Personal Information with the same level of privacy protection as is required by the CCPA. We will notify you if we make a determination that we can no longer meet our obligations as a Service Provider under the CCPA. e. CCPA Audits. You will have the right to take reasonable and appropriate steps to help ensure that we use California Personal Information in a manner consistent with Customer’s obligations under the CCPA. Upon notice, you will have the right to take reasonable and appropriate steps in accordance with the Agreement to stop and remediate unauthorized use of California Personal Information. f. Not a Sale. The parties acknowledge and agree that the disclosure of California Personal Information by the Customer to Ascendo.AI does not form part of any monetary or other valuable consideration exchanged between the parties. 10. General Provisions a. Amendments. Notwithstanding anything else to the contrary in the Agreement and without prejudice to the ‘Compliance with Instructions’ or ‘Security’ sections of this DPA, we reserve the right to make any updates and changes to this DPA and the terms that apply in the ‘Amendment; No Waiver’ section of the General Terms will apply. b. Severability. If any individual provisions of this DPA are determined to be invalid or unenforceable, the validity and enforceability of the other provisions of this DPA will not be affected. c. Limitation of Liability. Each party and each of their Affiliates' liability, taken in aggregate, arising out of or related to this DPA (and any other DPAs between the parties) and the Standard Contractual Clauses (where applicable), whether in contract, tort or under any other theory of liability, will be subject to the limitations and exclusions of liability set out in the 'Limitation of Liability' section of the General Terms and any reference in such section to the liability of a party means aggregate liability of that party and all of its Affiliates under the Agreement (including this DPA). For the avoidance of doubt, if Ascendo.AI, Inc. is not a party to the Agreement, the ‘Limitation of Liability’ section of the General Terms will apply as between you and Ascendo.AI, Inc., and in such respect, any references to ‘Ascendo.AI’, ‘we’, ‘us’ or ‘our’ will include both Ascendo.AI, Inc. and the Ascendo.AI entity that is a party to the Agreement. In no event will either party's liability be limited with respect to any individual's data protection rights under this DPA (including the Standard Contractual Clauses) or otherwise. d. Governing Law. This DPA will be governed by and construed in accordance with the ‘Contracting Entity; ‘Applicable Law; Notice' sections of the Jurisdiction Specific Terms, unless required otherwise by Data Protection Laws. 11. Parties to this DPA a. Permitted Affiliates . By signing the Agreement, you enter into this DPA (including, where applicable, the Standard Contractual Clauses) on behalf of yourself and in the name and on behalf of your Permitted Affiliates. For the purposes of this DPA only, and except where indicated otherwise, the terms “Customer”, “you” and “your” will include you and such Permitted Affiliates. b. Authorization. The legal entity agreeing to this DPA as Customer represents that it is authorized to agree to and enter into this DPA for and on behalf of itself and, as applicable, each of its Permitted Affiliates. c. Remedies. The parties agree that (i) solely the Customer entity that is the contracting party to the Agreement will exercise any right or seek any remedy any Permitted Affiliate may have under this DPA on behalf of its Affiliates, and (ii) the Customer entity that is the contracting party to the Agreement will exercise any such rights under this DPA not separately for each Permitted Affiliate individually but in a combined manner for itself and all of its Permitted Affiliates together. The Customer entity that is the contracting entity is responsible for coordinating all Instructions, authorizations, and communications with us under the DPA and will be entitled to make and receive any communications related to this DPA on behalf of its Permitted Affiliates. d. Other rights. The parties agree that you will, when reviewing our compliance with this DPA pursuant to the ‘Demonstration of Compliance’ section, take all reasonable measures to limit any impact on us and our Affiliates by combining several audit requests carried out on behalf of the Customer entity that is the contracting party to the Agreement and all of its Permitted Affiliates in one single audit. Annex 1 - Details of Processing A. List of Parties Data Exporter: Name: The Customer, as defined in the Ascendo.AI Customer Terms of Service (on behalf of itself and Permitted Affiliates) Address: The Customer's address, as set out in the Order Form Contact person’s name, position, and contact details: The Customer's contact details, as set out in the Order Form and/or as set out in the Customer’s Ascendo.AI Account Activities relevant to the data transferred under these Clauses: Processing of Personal Data in connection with Customer's use of the Ascendo.AI Subscription Services under the Ascendo.AI Customer Terms of Service Role (controller/processor): Controller Data Importer: Name: Ascendo.AI, Inc. Address: 228 Hamilton Avenue, Floor 3, Palo Alto, CA 94301 USA Contact person’s name, position, and contact details: Ramki PitchuIyer, CPO, Ascendo.AI, Inc., 228 Hamilton Avenue, Floor 3, Palo Alto, CA 94301USA Activities relevant to the data transferred under these Clauses: Processing of Personal Data in connection with Customer's use of the Ascendo.AI Subscription Services under the Ascendo.AI Customer Terms of Service Role (controller/processor): Processor B. Description of Transfer Categories of Data Subjects whose Personal Data is Transferred You may submit Personal Data in the course of using the Subscription Service, the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Data Subjects: Your Contacts and other end users including your employees, contractors, collaborators, customers, prospects, suppliers and subcontractors. Data Subjects may also include individuals attempting to communicate with or transfer Personal Data to your end users. Categories of Personal Data Transferred You may submit Personal Data to the Subscription Services, the extent of which is determined and controlled by you in your sole discretion, and which may include but is not limited to the following categories of Personal Data: 1. Contact Information (as defined in the General Terms ). 2. Any other Personal Data submitted by, sent to, or received by you, or your end users, via the Subscription Service. Sensitive Data transferred and applied restrictions or safeguards The parties do not anticipate the transfer of sensitive data. Frequency of the transfer Continuous Nature of the Processing Personal Data will be Processed in accordance with the Agreement (including this DPA) and may be subject to the following Processing activities: 1. Storage and other Processing necessary to provide, maintain and improve the Subscription Services provided to you; and/or 2. Disclosure in accordance with the Agreement (including this DPA) and/or as compelled by applicable laws. Purpose of the transfer and further processing We will Process Personal Data as necessary to provide the Subscription Services pursuant to the Agreement, as further specified in the Order Form, and as further instructed by you in your use of the Subscription Services. Period for which Personal Data will be retained Subject to the 'Deletion or Return of Personal Data' section of this DPA, we will Process Personal Data for the duration of the Agreement, unless otherwise agreed in writing. C. Competent Supervisory Authority For the purposes of the Standard Contractual Clauses, the supervisory authority that will act as competent supervisory authority will be determined in accordance with ⁠GDPR . Annex 2 - Security Measures We are currently observing the Security Measures described in Annex 2. All capitalized terms not otherwise defined herein will have meanings as set forth in the General Terms. For more information on these security measures, please refer to Ascendo.AI SOC 2 Type II Report. a) Access Control i) Preventing Unauthorized Product Access Outsourced processing: We host our Service with outsourced cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors. Physical and environmental security: We host our product infrastructure with multi-tenant, outsourced infrastructure providers. We do not own or maintain hardware located at the outsourced infrastructure providers’ data centers. Production servers and client-facing applications are logically and physically secured from our internal corporate information systems. The physical and environmental security controls are audited for SOC 2 Type II, among other certifications. Authentication: We implement a uniform password policy for our customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. Authorization: Customer Data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of our products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization. ii) Preventing Unauthorized Product Use We implement industry-standard access controls and detection capabilities for the internal networks that support its products. Access controls: Network access control mechanisms are designed to prevent network traffic using unauthorized protocols from reaching the product infrastructure. The technical measures implemented differ between infrastructure providers and include Virtual Private Cloud (VPC) implementations, security group assignments, and traditional firewall rules. Intrusion detection and prevention: We implement a Web Application Firewall (WAF) solution to protect hosted customer websites and other internet-accessible applications. The WAF is designed to identify and prevent attacks against publicly available network services. Static code analysis: Code stored in our source code repositories is checked for best practices and identifiable software flaws using automated tooling. Penetration testing: We maintain relationships with industry-recognized penetration testing service providers for penetration testing of Ascendo.AI web application at least annually. The intent of these penetration tests is to identify security vulnerabilities and mitigate the risk and business impact they pose to the in-scope systems. Bug bounty: A bug bounty program invites and incentivizes independent security researchers to ethically discover and disclose security flaws. We implement a bug bounty program in an effort to widen the available opportunities to engage with the security community and improve the product defenses against sophisticated attacks. iii) Limitations of Privilege & Authorization Requirements Product access: A subset of our employees have access to the products and to customer data via controlled interfaces. The intent of providing access to a subset of employees is to provide effective customer support, product development, and research, to troubleshoot potential problems, to detect and respond to security incidents, and implement data security. Access is enabled through “just in time” (JITA) requests for access; all such requests are logged. Employees are granted access by role, and reviews of high-risk privilege grants are initiated daily. Administrative or high-risk access permissions are reviewed at least once every six months. Background checks: Where permitted by applicable law, Ascendo.AI employees undergo third-party background or reference checks. In the United States, employment offers are contingent upon the results of a third-party background check. All Ascendo.AI employees are required to conduct themselves in a manner consistent with company guidelines, non-disclosure requirements, and ethical standards. b) Transmission Control In-transit: We require HTTPS encryption (also referred to as SSL or TLS) on all login interfaces and for free on every customer site hosted on the Ascendo.AI products. Our HTTPS implementation uses industry-standard algorithms and certificates. At-rest: We store user passwords following policies that follow industry standard practices for security. We have implemented technologies to ensure that stored data is encrypted at rest. c) Input Control Detection: We designed our infrastructure to log extensive information about the system behavior, traffic received, system authentication, and other application requests. Internal systems aggregate log data and alert appropriate employees of malicious, unintended, or anomalous activities. Our personnel, including security, operations, and support personnel, are responsive to known incidents. Response and tracking: We maintain a record of known security incidents that includes description, dates and times of relevant activities, and incident disposition. Suspected and confirmed security incidents are investigated by security, operations, or support personnel; and appropriate resolution steps are identified and documented. For any confirmed incidents, we will take appropriate steps to minimize product and Customer damage or unauthorized disclosure. Notification to you will be in accordance with the terms of the Agreement. d) Availability Control Infrastructure Availability: The infrastructure providers use commercially reasonable efforts to ensure a minimum of 99.95% uptime. The providers maintain a minimum of N+1 redundancy to power, network, and heating, ventilation, and air conditioning (HVAC) services. Fault Tolerance: Backup and replication strategies are designed to ensure redundancy and fail-over protections during a significant processing failure. Customer data is backed up to multiple durable data stores and replicated across multiple availability zones. Online Replicas And Backups: Where feasible, production databases are designed to replicate data between no less than 1 primary and 1 secondary database. All databases are backed up and maintained using at least industry-standard methods. Disaster Recovery Plans: We maintain and regularly test disaster recovery plans to help ensure the availability of information following interruption to, or failure of, critical business processes. Our products are designed to ensure redundancy and seamless failover. The server instances that support the products are also architected with a goal of preventing single points of failure. This design assists our operations in maintaining and updating the product applications and backend while limiting downtime. Annex 3 - Sub-Processors To help Ascendo.AI deliver the Subscription Service, we engage Sub-Processors to assist with our data processing activities. A list of our Sub-Processors and our purpose for engaging them is located on our Ascendo.AI Sub-Processors Page available at https://www.ascendo.ai/subprocessor, which is incorporated into this DPA. Data Processing Agreement Last Updated: June 2, 2023 Ready to learn more? Contact Us For Security Questions Contact - ascendoinfosec@ascendo.ai

Join Our Team We are hiring! Do you have a curiosity to learn? Are you responsible and accountable to deliver what you promised? Are you not afraid to make mistakes? But ready to learn so the same mistake doesn't happen again? If so, you will be a great fit for Ascendo! Marketing Lead Full Time Chennai, Tamil Nadu, India Read more Junior Python Developer Full Time Chennai, Tamil Nadu, India Read more Customer Support Customer Support Remote Read more Angular Frontend Developer Full Time Remote, United States Read more SEO Specialist Part Time Remote, United States Read more PR and Outreach Event Management Freelance / Intern Remote, United States Read more Graphic Design Intern Remote, United States Read more Product Designer Intern / Full time Fresher Remote, United States Read more Digital Marketer Part Time Remote Read more Sales Development Representative Full Time Remote Read more Machine Learning Engineering Intern Intern Remote, United States Read more Web Developer Full Time Remote, United States Read more We at Ascendo, believe in a healthy culture dedicated to work and fun. We are a team who works hard, feels proud, and stays real and humble. You may not be a perfect match, but our team can shape you to be the best. If this sounds cool to you, you will be successful here! Dive into the world of human-machine interactions, empowering the experiences while reducing the effort and time for super complex issues. We look forward to someone who considers the product as his goal and swims through with us in building the best possible product that leverages the latest technologies for doing good. Learning never stops, and we take care that we are constantly innovating. Come join us and make wonders with AI and ML. We're looking for people to join the team who are as excited as we are to help build the product that empowers the future of customer support and experiences. Who Excels at Ascendo? Our Culture Open Positions

Strategies to manage difficult situations with key customers Rachael McBrearty, Alex, Ravi May 5, 2022 Previous Item Next Item The pandemic has taught us innovative ways to connect with key customers more than ever before. When an organization thinks about key customers, they also think about how we break down and understand how they serve them. Are key customers someone who brings in the share of revenue, someone who makes us more profitable? Is it simply someone bringing in a share of recurring revenue, a level of profitability we have with them, or someone that also satisfies the following: Customer lifetime value Level of influence and/or authority in the market Number of referrals they make Level of alignment and commitment to shared partnership goals Focusing on the key customer simply allows you to focus on your mission, vision, and products that will be the most influential to the overall success of your business. When we think about managing difficult situations of key customers, we try to anticipate what the challenges are. When we think of the customers, we think about them in a multifaceted way. We should also think about those key customers from a market segment perspective. We align with the customer's business process and help them set up their business rules. Every business or organization has to have a support team. An organization always needs help from the support team, not just technical issues, but just support and questions. As we know B2B software support has evolved over the last course of years, so you have to be very closely working with your product and engineering teams as well as within the support. mean you have to respond very quickly and make sure that we're listening to customers and taking their feedback and pushing it into our product team so that they can prioritize. Take some time to understand the business use case, for why the customer is requesting that feature in that functionality. Once you get the best understanding of what exactly they're trying to accomplish, think about these implementations. Even if you can't accommodate it in the immediate future, you can at least get an understanding of what they want to do. Also letting the customer know we're on it, letting them know that it's been escalated to senior leadership is super important for them knowing that we're on it and that we care. Another important factor is to Identify a broader customer requirement, when a lot of customers are reporting the same type of issues, the support team must understand what kind of tickets they are getting and why they are getting those tickets. When we do this proactively, doing that will bring up some of these things and will be helpful, this helps make your products better. Top CX Metrics: The first important metric is to do a CSAT survey for our support, and how our customers feel about the experience is super important. The other is the Practical side of the business, the relationship between support issues and retention is also a factor, look at churn, we do say it is a result of not dealing with issues properly. The third thing is for Employees, always keep the focus on a decent workload on the team. More shuffling, ups and downs in staffing due to any reason, also affects so one should be aware of these metrics and make sure that they are taking care of their employees. Best way to measure churn – Customer churn is a SaaS business metric that measures the number of customers that any business loses over a fixed time. Churn or retention is a very important part, and turn is not always attributed to lack of support necessary. We have to beat down deep in terms of what's causing the churn. There are several things that you have to look at in the churn to figure out why customers are turning. You can’t solve a customer churn problem until you’ve identified its source, so understanding Why You’re Losing Customers is an essential step. Strategies for mitigating avoidable and the unavoidable Avoidable and Unavoidable –There are other organizational challenges that people might have also that might result in churn, which we have no control over. Work with a chart of avoidable and unavoidable things. So, one of the things is how much is avoidable and unavoidable. Avoidable is what we focus on because that is something we can control. On the other hand, unavoidable are things that are beyond our control that are going to cause churns and that we have no control over. Freemium Business Model – In this digitization era, we can see a new or transforming concept of B2B or B2C. Now organizations can customize the business to use their operations with different models, like the Freemium model. With this businesses can provide Free premiums for their customers, these basic features of the products would be provided by the organization which helps customers to understand the effectiveness and quality of products or services. Once the customer downloads the product or starts using the services, determine the level of help that can be given to this customer to make sure that they're able to use it. Work on the backend, and send them information about the product or service or other help. Companies measure how much a customer wants services. When the customer evaluates products, they must see how much knowledge there is here. Finding information by hand, or self-help is more appreciated by the customers. The company should be more proactive, and able to identify the most important information that should be provided to them. So, the challenge for the companies is to be able to identify. what they need to provide to their customers more in a more proactive manner, whether it's to our knowledge center or whether companies are approaching them. So that is where the most supported model is evolving. Companies use all of the interactions and use the data to bring out the escalations. if a company sees an issue, starting to happen to be able to get in front of that, if it's something that's not new that starts to impact certain customers who have certain setups. In SAAS, it’s much easier to remotely monitor what the customer is doing. It is leveraging your solutions for the right and from a support perspective in terms of monitoring escalations. It's keeping a pulse on what sort of issues we're seeing, how frequently they're occurring and what types of subjects matter to those tickets that are coming in from these. Customers are concerned if we see a trend where a certain question is being asked more than once will surface in our CSM. Companies should escalate that and make sure they get what they need from a wider product operation perspective. It's also keeping an eye out for critical operations that are ongoing and may be affected by issues that come up. Also think sometimes about how we work with our customers, how we alert them, how we communicate with customers when we communicate, we're just not bothering them every single time, make sure that they're not overwhelmed, we have to keep that in mind that we are not the only vendor they're dealing with. Companies also focus on the training they are offering for people to deal with very difficult conversations and difficult scenarios. When a customer is upset and frustrated with an issue that they gauge is severe and critical, even if that's not the actual understanding from the support team in terms of product knowledge, Maybe it's not that severe in terms of how to fix it. But it feels like a major issue to the customer. be ready to empathize with their needs, understand their needs, but also be able to address them in a way where you understand their concern but still move them forward. make sure that your employees for troubleshooting are fully well versed on how to troubleshoot the product, and how to look into specific pieces of features. At the same time. They have to also be aware of when the threshold is to escalate an issue. Another thing that is also important in training is getting the motion down where a support agent can gather as much information about the issue as possible. Before jumping on a call with a customer. Should never jump on a call with a customer half-cocked or half prepared because that is not going to be a good customer experience. Believe in transparency, always let the customers know what the truth is, that's not hiding behind the trees. The team has to be transparent with the customers. The other thing that is very critical is it's a white box approach. Which means the customer needs to know what’s going on? Sometimes customers are not worried about or don't get annoyed by the ladle resolution, but they get annoyed because they don't know how you're resolving the issue. Customers want to know the root cause, so the support team should help and tell them about the issue and resolve the investigation process. So as we get more digital as we get smarter than able to serve up answers digitally, that has a huge opportunity to create raving fans with support.

Knowledge Intelligence with Ascendo AI