TABLE OF CONTENTS

1. DEFINITIONS

For the purposes of this Agreement, the following terms shall have the meanings set forth below:

1.1 “Admin” means the Customer or its authorised representative(s) who purchases the Services and manages User access, permissions, and settings within the Virtual Data Room as further described in Clause 6 (User Account Management);

1.2 “Affiliate” means, with respect to any Party, any entity that directly or indirectly controls, is controlled by, or is under common control with such Party, where “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity, whether through ownership of voting securities, by contract, or otherwise;

1.3 “Agreement” means these Terms and Conditions, together with all schedules, annexures, exhibits, and amendments hereto;

1.4 “Confidential Information” means all non-public, proprietary or confidential information in any form disclosed by one Party (“Disclosing Party”) to the other Party (“Receiving Party”) in connection with this Agreement as further described in Clause 12 (Confidentiality), including, without limitation, trade secrets, financial information, business operations, technical documentation, source code, product roadmaps, data, know-how, and intellectual property.

1.5 “Company Data” means all proprietary data, software, content, know-how, methodologies, and other materials owned or developed by SecureRoom or its Affiliates in relation to the Services.

1.6 “Customer” has the meaning given in the Introduction.

1.7 “Customer Data” means all documents, files, materials, and data uploaded, submitted, stored, or otherwise made available by or on behalf of the Customer or its Users through the Services, including any Personal Data as defined in this Clause 1.

1.8 “Virtual Data Room” refers to the hosted virtual data room environment provided to the Customer as part of the Services as described in Clause 2 (Scope of Services).

1.9 “Virtual Data Room Administrator” means the individual designated by the Customer as responsible for configuring access rights and settings for Users within the Data Room as per Clause 3 (Dataroom Set Up).

1.10 “Effective Date” means the date on which the Customer first accepts or otherwise agrees to be bound by this Agreement.

1.11 “Fees” means the charges payable by the Customer for the Services, as set out in Clause 4 (Fees & Payment) and in the applicable order form, annexure or any other document agreed in writing between the Parties.

1.12 “Granular Permissioning” means the functionality within the Services that enables the Customer to apply role-based, folder-level or document-level access controls as described in Clause 2.1(a).

1.13 “Intellectual Property Rights” means all rights relating to inventions, patents, utility models, copyrights and related rights, database rights, trade names, trademarks, trade secrets, know-how, designs, and all other similar proprietary or intellectual property rights, whether registered or unregistered and existing anywhere in the world, as further referenced in Clause 13 (Intellectual Property).

1.14 “Laws” means all applicable statutes, laws, rules, regulations, directives and governmental requirements of any competent authority as referenced in Clause 10 (Compliance with Law).

1.15 “Maintenance and Support” means the technical assistance, updates and support services provided by SecureRoom in accordance with Annexure A and/or the Service Level Appendix as described in Clause 20 (Service Level).

1.16 “Permitted Downtime” means any period of Service unavailability as defined in Clause 20.1, including scheduled maintenance, force majeure events, outages caused by Customer systems or networks, urgent security updates, or failures of third-party providers.

1.17 “Personal Data” means any information relating to an identified or identifiable natural person, and shall include “personal information”, “personally identifiable information”, or similar terms under applicable Laws as referenced in Clause 11 (Data Privacy).

1.18 “Scheduled Maintenance” means the maintenance activities carried out by SecureRoom on the Services, which are notified to the Customer in advance in accordance with Clause 20.2.

1.19 “Services” means the subscription-based provision of SecureRoom’s virtual data room platform (including any web, desktop, or mobile applications), together with related implementation, maintenance, and support services as described in Clause 2 (Scope of Services).

1.20 “Subscription Term” means the period during which the Customer has subscribed to receive the Services, as specified in the relevant order form and as referenced in Clause 21 (Term and Termination).

1.21 “Taxes” means all taxes, duties, levies, and other governmental assessments applicable to the Services, other than taxes imposed on SecureRoom’s net income, as referenced in Clause 4.2.

1.22 “Third-Party Applications/Services” means third-party software, applications, tools or services that interoperate with or are utilised in the provision of the Services and are not developed or owned by SecureRoom as described in Clause 9 (Third Party Integrations and Sub-Processor).

1.23 “Usage Data” means any aggregated or anonymised technical or operational data generated through the Customer’s or Users’ access to or use of the Services, which does not identify the Customer or any User.

1.24 “Users” means any individual authorised by the Customer (including Admins and Data Room Administrators as defined in this Clause 1) to access and/or use the Services under the Customer’s account as further described in Clause 6 (User Account Management).

1.25 “Order Form” means any mutually agreed order document or online subscription confirmation specifying the Services to be provided to the Customer and the applicable Fees and Subscription Term as referenced in Clause 4.1.

1.26 “Party” means either SecureRoom or the Customer (and “Parties” shall be construed accordingly).

2. SCOPE OF SERVICES

2.1 SecureRoom shall make available to the Customer a secure, cloud-hosted virtual data room platform (the “Virtual Data Room”) enabling the controlled upload, storage, access, and sharing of documents and data, together with associated functionalities such as:
a) role-based and granular permissioning as defined in Clause 1;
b) activity logging and audit trails;
c) document watermarking and version control;
d) full text search and indexing; and
e) any other features, modules, or enhancements made generally available by SecureRoom from time to time (collectively, the “Services”).

2.2 SecureRoom shall use commercially reasonable efforts to provide the Services to the Customer in accordance with Clause 20 (Service Level). SecureRoom may perform routine and emergency maintenance and implement updates, patches, or upgrades to the Services as required, provided that it uses reasonable endeavours to minimise disruption to the Customer’s access to the Services.
Customer acknowledges and agrees that:
a) the Services may interoperate with or rely on certain third-party applications, tools, or service providers as described in Clause 9 (Third Party Integrations and Sub-Processor) (including but not limited to cloud infrastructure providers such as Amazon Web Services), and
b) SecureRoom shall be entitled to utilise such third parties in the provision of the Services, subject to SecureRoom remaining responsible for the performance of its obligations under this Agreement.

2.3 SecureRoom reserves the right to modify, enhance, or replace any functionality of the Services in accordance with Clause 26 (Changes to This Agreement), provided that such changes do not materially diminish the overall functionality of the Services during the applicable Subscription Term as defined in Clause 1.

2.4 Third-Party Dependency Disclaimer
The Customer acknowledges and agrees that:
a) Service Dependencies: The Services rely on various Third-Party Applications/Services as listed in Annexure B, and SecureRoom cannot guarantee the continuous availability, performance, or security of such third-party services.
b) No Service Level Guarantees for Third-Party Components: Any Service Level commitments in Clause 20 (Service Level) shall not apply to, and SecureRoom shall have no liability for, any Service interruption, degradation, or failure caused by Third-Party Applications/Services.
c) Customer Acceptance of Risk: By using the Services, the Customer accepts all risks associated with third-party dependencies and agrees that any business disruption, data loss, or security incident resulting from third-party failures is entirely the Customer’s responsibility.

3. DATAROOM SET UP

3.1 Upon commencement of the Subscription Term as defined in Clause 1 and subject to receipt of any information reasonably requested by SecureRoom, SecureRoom shall provision and configure the Customer’s Virtual Data Room environment and provide the Customer with administrative credentials to access the same.

3.2 The Customer shall designate one or more Data Room Administrators as defined in Clause 1, who shall be responsible for:
a) configuring folder structures and permission settings,
b) inviting and managing Users as defined in Clause 1, and
c) monitoring the activity of Users within the Virtual Data Room.

3.3 SecureRoom shall not be responsible for any unauthorised access or activity resulting from the Customer’s configuration of the Data Room or the Customer’s failure to properly manage User credentials in accordance with Clause 6 (User Account Management).

3.4 SecureRoom shall provide the Customer and its designated Users with access to available onboarding resources, technical documentation, and/or training materials for the purpose of enabling the effective use of the Services. Any additional or bespoke implementation or training services requested by the Customer may be subject to additional Fees as defined in Clause 1, agreed between the Parties in writing.

3.5 Customer acknowledges that SecureRoom may require certain information, materials, and assistance from the Customer in order to complete the Virtual Data Room setup. The Customer shall provide all such cooperation in a timely manner, and any delay or failure to do so may impact the timeline for Virtual Data Room availability for which SecureRoom shall not be liable.

4. FEES & PAYMENT

4.1 The Customer shall pay to SecureRoom the Fees as defined in Clause 1 set out in the Order Form as defined in Clause 1 (or otherwise agreed in writing between the Parties) in consideration for the provision of the Services. The Fees may include:
a) recurring subscription charges, payable monthly or annually in advance; and
b) project specific or usage based charges (including additional User licences, add-on modules, or excess storage fees), which shall be invoiced in advance.

4.2 Unless expressly stated otherwise, all Fees are exclusive of Taxes as defined in Clause 1. The Customer shall be responsible for the payment of all applicable Taxes arising in connection with this Agreement.

4.3 SecureRoom shall issue invoices for the Fees in accordance with the Order Form, and the Customer shall pay each invoice in full in advance or within 3 days. All payments shall be made in the currency specified in the invoice and by electronic bank transfer or such other payment method agreed between the Parties.

4.4 If the Customer fails to make any payment when due, SecureRoom may:
a) charge interest on the overdue amount at a rate of 1.5% per month (or, if lower, the maximum rate permitted under applicable Laws as defined in Clause 1), accruing on a daily basis from the due date until the date of actual payment; and/or
b) suspend access to the Services upon written notice to the Customer in accordance with Clause 24 (Notices), provided that SecureRoom shall restore access promptly upon receipt of full payment.

5. TERMS OF USE OF SERVICES

5.1 Licence Grant
Subject to the terms of this Agreement and the timely payment of all applicable Fees as defined in Clause 1, SecureRoom grants to the Customer a limited, revocable, non-exclusive, non-transferable, and non-sublicensable right to access and use the Services solely for the Customer’s internal business purposes during the Subscription Term as defined in Clause 1. The Services are licensed, and not sold, to the Customer.

5.2 User Access and Responsibility
The Customer shall be solely responsible for:
a) designating Virtual Data Room Administrators as defined in Clause 1 and assigning User roles in accordance with Clause 6 (User Account Management);
b) configuring appropriate access permissions and maintaining the confidentiality of all login credentials; and
c) ensuring that all Users comply with this Agreement.
Any acts or omissions of Users shall be deemed the acts or omissions of the Customer.

5.3 Acceptable Use
The Customer shall not, and shall ensure that its Users do not:
a) use the Services for any unlawful, fraudulent, or unauthorised purpose, or in a manner that violates any applicable Laws as defined in Clause 1, rules or regulations;
b) introduce into the Services any viruses, malware, or other malicious code;
c) upload or transmit any material that is defamatory, obscene, or infringing upon the Intellectual Property Rights as defined in Clause 1 of any third party;
d) attempt to gain unauthorised access to any systems or networks of SecureRoom or its third-party providers; or
e) decompile, reverse engineer, disassemble, copy, modify, or create derivative works of the Services or any part thereof.

5.4 Suspension of Access
SecureRoom reserves the right, without liability, to suspend or restrict the Customer’s or any User’s access to the Services where SecureRoom reasonably determines that:
a) such access poses a security or legal risk;
b) the Customer or a User is in material breach of this Agreement; or
c) suspension is necessary to comply with applicable Laws or the order of any governmental authority.
SecureRoom shall, where practicable, provide prior notice of any suspension in accordance with Clause 27 (Notices) and shall restore access as soon as the underlying issue is resolved.

6. USER ACCOUNT MANAGEMENT

6.1 Authorised Users
The Customer shall designate and manage authorised Users as defined in Clause 1 (including Admins as defined in Clause 1) and shall be responsible for assigning and monitoring access rights and permission levels for each User. The Customer shall ensure that only authorised individuals access the Services and shall immediately revoke access for any User who is no longer authorised.

6.2 Account Credentials
The Customer shall ensure that all Users maintain the confidentiality and security of their login credentials. The Customer shall promptly notify SecureRoom in accordance with Clause 27 (Notices) if it becomes aware of any loss, theft, or unauthorised use of any account credentials or access to the Services.

6.3 Account Credential Sharing
Users are strictly prohibited from sharing, disclosing, or otherwise making their login credentials accessible to any third party, including but not limited to colleagues, contractors, or external advisors. The User acknowledges and agrees that they are solely responsible for all activities, actions, or transactions conducted under their login credentials. In the event the User shares or compromises their login credentials and any unauthorized access, data loss, misuse, or breach occurs, the User shall bear full responsibility and liability for any resulting damages, losses, or claims arising therefrom as referenced in Clause 18 (Indemnification). SecureRoom shall not be liable for any loss, damage, or consequence arising out of or in connection with unauthorized use of login credentials due to sharing, negligence, or failure to safeguard such credentials by the User as per Clause 19 (Limitation of Liability). Users must immediately notify SecureRoom upon becoming aware of any unauthorized use or suspected compromise of their login credentials so that remedial action can be taken without delay.

6.4 Suspension of Accounts
SecureRoom may, in its sole discretion and without liability, temporarily suspend or disable any User account if it reasonably suspects that such account:
a) has been compromised,
b) is being used in a manner that violates this Agreement or any applicable Laws as defined in Clause 1, or
c) poses a risk to the security, integrity, or availability of the Services.
SecureRoom shall, where practicable, notify the Customer of the reasons for such suspension in accordance with Clause 27 (Notices) and shall restore access once the underlying issue has been remedied to SecureRoom’s reasonable satisfaction.

7. DATA OWNERSHIP

7.1 Customer Data Ownership
All Customer Data as defined in Clause 1 shall remain the sole and exclusive property of the Customer. SecureRoom shall not acquire any right, title, or interest in or to the Customer Data other than the limited right to host, process, and display such data solely for the purpose of providing the Services during the Subscription Term as defined in Clause 1. Nothing in this Agreement shall be construed as granting SecureRoom any licence or other rights in the Customer Data except as expressly set out herein. SecureRoom shall not access, view, copy, download, or otherwise use any documents, files, or data uploaded by the Admins or Users onto the Virtual Data Room (“VDR”), in any manner whatsoever, except as strictly necessary for the provision of services or for the resolution of technical issues. In such cases, SecureRoom may access the VDR only after obtaining prior written consent or explicit authorization from the Admin as defined in Clause 1. SecureRoom shall maintain confidentiality of all such data in accordance with Clause 12 (Confidentiality) and ensure that any access is limited, proportionate, and strictly for the permitted purpose.

7.2 SecureRoom Ownership
As between the Parties, all right, title and interest (including all Intellectual Property Rights as defined in Clause 1) in and to the Services, the Virtual Data Room platform, Company Data as defined in Clause 1, source code, software, algorithms, user interfaces, templates, methodologies, specifications, documentation, and any improvements, enhancements, updates or derivative works thereof (collectively, the “SecureRoom Assets”) shall at all times remain the sole and exclusive property of SecureRoom and its licensors as further described in Clause 13 (Intellectual Property). Except for the limited licence expressly granted to the Customer in Clause 5.1, no other licence, transfer or assignment of any SecureRoom Assets (whether by implication, estoppel or otherwise) is granted or shall arise as a result of this Agreement.

7.3 Third-Party / Open Source Components
The Services may incorporate or interoperate with certain third-party software, tools, or open-source components, which remain subject to the applicable third-party or open-source licence terms (the “Third-Party Components”). The Customer acknowledges and agrees that:
a) all rights in and to such Third-Party Components are retained by their respective licensors,
b) the use of such Third-Party Components is solely subject to the applicable licence terms, and
c) no ownership or licence rights in such Third-Party Components are granted to the Customer under this Agreement, except to the extent required for the proper use of the Services.

8. SECURITY OF CUSTOMER DATA

8.1 Security Measures
SecureRoom shall implement and maintain appropriate administrative, technical and organisational safeguards designed to ensure the confidentiality, integrity, and availability of the Services and all Customer Data as defined in Clause 1 in accordance with Clause 11 (Data Privacy).

8.2 Legal and Regulatory Compliance
SecureRoom shall comply with all applicable data protection and information security laws in connection with its operation of the Services as described in Clause 10 (Compliance with Law), including, where applicable, the Information Technology Act, 2000 (together with all subordinate rules) and applicable data protection laws such as the General Data Protection Regulation (EU) 2016/679 (GDPR) in respect of any Personal Data as defined in Clause 1 processed through the Services.

8.3 Security Incidents
In the event SecureRoom becomes aware of any actual or reasonably suspected unauthorised access to or disclosure of Customer Data (a “Security Incident”), SecureRoom shall:
a) promptly investigate and take reasonable steps to mitigate its effects; and
b) notify the Customer within forty-eight (48) hours in accordance with Clause 27 (Notices), providing sufficient information to allow the Customer to comply with its own notification obligations (if any).

9. THIRD PARTY INTEGRATIONS AND SUB-PROCESSOR

9.1 Use of Third-Party Providers
The Customer acknowledges and agrees that SecureRoom may engage reputable third-party service providers, including but not limited to cloud infrastructure providers (such as Amazon Web Services or Microsoft Azure), analytics tools, and other technology vendors, in connection with the hosting, operation, and improvement of the Services (collectively, “Sub-Processors”).

9.2 Sub-Processor List
A current list of SecureRoom’s Sub-Processors is set out in Annexure B, as may be updated from time to time in accordance with this Agreement.

9.3 Customer Consent
By entering into this Agreement, the Customer grants its general authorisation to SecureRoom to engage and use Sub-Processors for the purposes of providing the Services, provided that SecureRoom shall:
a) remain responsible for the performance of its obligations under this Agreement; and
b) impose on each Sub-Processor data protection and confidentiality obligations that are substantially equivalent to those set forth in Clause 11 (Data Privacy) and Clause 12 (Confidentiality).

9.4 Opt-Out
The Customer may object to the appointment of a new Sub-Processor by notifying SecureRoom in writing in accordance with Clause 27 (Notices) within ten (10) days of being informed of such appointment, provided that such objection is based on reasonable data protection grounds. In such case, the Parties shall work together in good faith to find a mutually acceptable solution. If no such solution is reached, either Party may, as its sole and exclusive remedy, terminate the affected portion of the Services upon written notice in accordance with Clause 21 (Term and Termination).

9.5 Third-Party Service Disclaimer and Liability Exclusion

a) No Responsibility for Third-Party Services: SecureRoom expressly disclaims any and all responsibility, liability, or obligation for the performance, availability, functionality, security, or reliability of any Third-Party Applications/Services as defined in Clause 1, including but not limited to cloud infrastructure providers (such as Amazon Web Services, Microsoft Azure), analytics tools, payment gateways, authentication services, or any other third-party software, applications, or services integrated with or utilized in connection with the Services.

b) Customer Assumes All Risk: The Customer acknowledges and agrees that its use of any Third-Party Applications/Services is entirely at its own risk and subject to the terms and conditions of the respective third-party providers. SecureRoom makes no representations or warranties, express or implied, regarding such Third-Party Applications/Services.

c) No Liability for Third-Party Failures: SecureRoom shall not be liable for any loss, damage, expense, claim, or liability of any kind arising from or related to:

i) any failure, interruption, or degradation of Third-Party Applications/Services;
ii) any breach of security, data loss, or unauthorized access occurring through Third-Party Applications/Services;
iii) any changes to, discontinuation of, or termination of Third-Party Applications/Services;
iv) any fees, charges, or costs imposed by third-party providers;
v) any violation of third-party terms of service or acceptable use policies; or
vi) any act or omission of any third-party service provider.

9.6 Customer Indemnification for Third-Party Services

The Customer shall indemnify, defend, and hold harmless SecureRoom and the SecureRoom Indemnitees as defined in Clause 18.1 from and against any and all claims, demands, actions, losses, liabilities, damages, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to:
a) the Customer’s use of any Third-Party Applications/Services;
b) any breach of third-party terms of service or acceptable use policies by the Customer or its Users as defined in Clause 1;
c) any claims by third-party service providers against SecureRoom related to the Customer’s use of such services;
d) any data processing, security, or privacy violations by third-party providers affecting Customer Data as defined in Clause 1; and
e) any integration, modification, or customization of Third-Party Applications/Services requested by the Customer.

10. COMPLIANCE WITH LAW

10.1 General Compliance
Each Party shall comply with all applicable Laws as defined in Clause 1 in connection with the performance of its obligations and use of the Services under this Agreement.

10.2 Data Protection Roles
To the extent the Customer Data as defined in Clause 1 contains Personal Data as defined in Clause 1, the Parties acknowledge that the Customer acts as “Data Controller” (or equivalent term under applicable data protection Laws) and SecureRoom acts as “Data Processor”, processing such Personal Data solely on behalf of, and in accordance with, the Customer’s documented instructions as further described in Clause 11 (Data Privacy).

10.3 GDPR Compliance
Where the processing of Personal Data is subject to the General Data Protection Regulation (EU) 2016/679 (GDPR) or the United Kingdom GDPR, such processing shall be governed by the terms of the Data Processing Addendum (DPA) attached as Annexure C or incorporated by reference into this Agreement, which forms an integral part hereof.

10.4 Indian Information Technology Act Compliance
SecureRoom shall implement and maintain reasonable security practices and procedures in accordance with Rule 8 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, issued under the Information Technology Act, 2000, and shall process any Sensitive Personal Data or Information in compliance therewith.

11. DATA PRIVACY

11.1 Roles and Responsibilities
The Parties acknowledge that, in connection with the provision of the Services, SecureRoom will process Personal Data as defined in Clause 1 contained in the Customer Data solely on behalf of the Customer and in accordance with the Customer’s documented instructions. For the purposes of applicable data protection Laws as defined in Clause 1, the Customer is the “Data Controller” (or equivalent term), and SecureRoom is the “Data Processor” with respect to such Personal Data.

11.2 Customer Obligations
The Customer shall:
a) ensure that it has a valid legal basis (including, where required, all necessary consents from data subjects) to process the Personal Data and to permit SecureRoom to process such Personal Data in accordance with this Agreement;
b) comply with all applicable data protection Laws and ensure that all notices and disclosures are provided to data subjects as required for the lawful processing of Personal Data; and
c) remain solely responsible for the accuracy, quality, and lawfulness of the Personal Data supplied to SecureRoom.

11.3 SecureRoom Obligations
SecureRoom shall:

a) process Personal Data only in accordance with the Customer’s documented instructions and for the purpose of providing the Services;

b) implement appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing, accidental loss, destruction or damage as described in Clause 8 (Security of Customer Data);

c) ensure that persons authorised to process the Personal Data are subject to appropriate confidentiality obligations in accordance with Clause 12 (Confidentiality);

d) assist the Customer, insofar as reasonably possible, in responding to data subject requests (including requests for access, correction, erasure or portability of Personal Data);

e) notify the Customer without undue delay (and, in any event, within forty-eight (48) hours) after becoming aware of a personal data breach in accordance with Clause 27 (Notices);

f) upon termination or expiry of the Agreement as per Clause 21 (Term and Termination), delete or return (at the Customer’s option) all Personal Data, unless retention is required under applicable Laws; and

g) make available to the Customer information reasonably necessary to demonstrate SecureRoom’s compliance with this Clause, and allow audits to the extent required by applicable data protection Laws.

11.4 Cross-Border Transfers
The Customer acknowledges that, in the course of providing the Services, Personal Data may be transferred to and processed in jurisdictions outside the Customer’s country of origin. Where required by applicable data protection Laws, SecureRoom shall ensure that appropriate transfer mechanisms (such as standard contractual clauses or an adequacy decision) are in place to ensure that such international transfers of Personal Data are lawful.

11.5 Data Processing Addendum
To the extent required under applicable data protection Laws (including GDPR and UK GDPR), the Parties shall comply with the terms of the Data Processing Addendum set out in Annexure C incorporated into this Agreement, which forms an integral part hereof and shall prevail in the event of any conflict with this Clause 11.

12. CONFIDENTIALITY

12.1 Confidential Information
Each Party (“Receiving Party”) may receive or have access to Confidential Information as defined in Clause 1 of the other Party (“Disclosing Party”) in connection with this Agreement. The Receiving Party shall treat all such Confidential Information as strictly confidential and shall use the same degree of care to protect it as it uses to protect its own confidential information of a similar nature (but in no event less than a reasonable degree of care).

12.2 Permitted Use and Disclosure
The Receiving Party shall use the Confidential Information solely for the purpose of performing its obligations or exercising its rights under this Agreement and shall not disclose it to any third party except to its employees, advisers or contractors who have a legitimate need to know such Confidential Information for the aforementioned purpose and are bound by confidentiality obligations no less protective than those set out herein.

12.3 Exclusions
The obligations in this Clause 12 shall not apply to information that the Receiving Party can demonstrate:
a) is or becomes publicly available without breach of this Agreement;
b) was lawfully in the Receiving Party’s possession prior to disclosure;
c) was independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information; or
d) is required to be disclosed by law or by any governmental or regulatory authority, provided that, to the extent legally permissible, the Receiving Party gives prompt written notice to the Disclosing Party in accordance with Clause 27 (Notices).

12.4 Return or Destruction
Upon termination of this Agreement in accordance with Clause 21 (Term and Termination) or upon the Disclosing Party’s written request, the Receiving Party shall promptly return or permanently destroy all Confidential Information (including all copies), except to the extent retention is required by applicable Law.

13. INTELLECTUAL PROPERTY

13.1 SecureRoom Intellectual Property

As between the Parties, SecureRoom and its licensors retain all right, title and interest, including all Intellectual Property Rights as defined in Clause 1, in and to the Services, the SecureRoom Assets as defined in Clause 7.2, and any and all improvements, enhancements, modifications, feedback or derivative works thereof, whether developed before or during the term of this Agreement. No rights or licences are granted to the Customer except as expressly set forth in Clause 5.1.

13.2 Customer Intellectual Property
SecureRoom acknowledges that all right, title and interest in and to the Customer Data as defined in Clause 1 and any trademarks, logos or other materials provided by the Customer remain the sole and exclusive property of the Customer as described in Clause 7.1. SecureRoom is granted only a limited licence to use such materials for the sole purpose of providing the Services.

13.3 Feedback
The Customer acknowledges and agrees that any suggestions, enhancement requests, recommendations or other feedback provided to SecureRoom in relation to the Services (“Feedback”) may be used by SecureRoom for the purpose of improving or enhancing its products and services. SecureRoom shall own all Intellectual Property Rights in and to any such improvements, and the Customer hereby grants SecureRoom a perpetual, irrevocable, royalty-free licence to use and incorporate the Feedback for such purposes.

13.4 Reservation of Rights
Except for the limited rights expressly granted to the Customer under Clause 5.1, all rights in and to the Services and related Intellectual Property are hereby expressly reserved by SecureRoom.

14. CUSTOMER REPRESENTATIONS AND WARRANTIES

14.1 Customer Representations
The Customer represents and warrants that:
a) it has full power and authority to enter into and perform its obligations under this Agreement;
b) its use of the Services will comply with all applicable Laws as defined in Clause 1 and will not infringe the rights of any third party; and
c) all information and materials provided by the Customer to SecureRoom are accurate, complete and lawful.

14.2 Service Conformity
SecureRoom warrants that, during the Subscription Term as defined in Clause 1, the Services will materially conform to the then current documentation made available by SecureRoom. The Customer’s sole and exclusive remedy for any breach of this warranty shall be for SecureRoom to use commercially reasonable efforts to correct or re-perform the non-conforming Services in accordance with Clause 20 (Service Level).

14.3 Disclaimer
Except as expressly set forth in this Agreement, the Services (including all software, documentation and content) are provided on an “as is” and “as available” basis, and SecureRoom expressly disclaims all warranties of any kind, whether statutory, express or implied, including any warranties of merchantability, fitness for a particular purpose, title, non-infringement, reliability, or that the Services will be uninterrupted or error-free.

15. SECUREROOM REPRESENTATIONS AND WARRANTIES

15.1 SecureRoom represents and warrants that:

a) it is duly incorporated, validly existing and in good standing under the laws of its jurisdiction of incorporation and has full power and authority to enter into and perform its obligations under this Agreement;
b) it shall perform the Services with reasonable skill and care in accordance with generally accepted industry practices applicable to the provision of hosted virtual data room services; and
c) its provision of the Services pursuant to this Agreement shall comply with all applicable Laws as defined in Clause 1.

15.2 Except as expressly provided in this Agreement, SecureRoom disclaims all other warranties and representations, whether express, implied, statutory or otherwise.

16. GENERAL WARRANTIES

16.1 The Customer warrants and undertakes that:

a) it has obtained and will maintain all necessary internal approvals, corporate authorisations, and consents required to enter into and perform its obligations under this Agreement;
b) it has all necessary rights, licences, permissions and authorisations to provide the Customer Data as defined in Clause 1 to SecureRoom and to permit SecureRoom to process such data in accordance with this Agreement;
c) the Customer Data and the Customer’s use of the Services will not infringe the Intellectual Property Rights as defined in Clause 1 or other proprietary rights of any third party, nor will it contain any unlawful, defamatory, obscene or otherwise objectionable material; and
d) the Customer shall use the Services only in accordance with applicable Laws and shall not permit any User, as defined in Clause 1, to use the Services in any manner that would constitute a violation of applicable Laws or third-party rights.

17. DISCLAIMER WARRANTIES

17.1 Except as expressly stated in this Agreement, the Services are provided “as is” and “as available” and SecureRoom expressly disclaims all representations and warranties of any kind, whether express, implied, statutory or otherwise, including without limitation any warranties of merchantability, fitness for a particular purpose, satisfactory quality, non-infringement, quiet enjoyment, or that the Services will be available without interruption, secure or free from errors or defects.

17.2 SecureRoom does not warrant that

a) the Services will meet the Customer’s specific requirements,
b) the Services will be compatible with the Customer’s hardware, systems or third-party software, or
c) all defects or errors can or will be corrected.
17.3 No advice, recommendation, statement or information obtained from SecureRoom or through the Services shall create any warranty not expressly stated in this Agreement.

18. INDEMNIFICATION

18.1 Customer Indemnification

The Customer shall indemnify, defend and hold harmless SecureRoom, its officers, partners, directors, employees, agents, and affiliates (collectively, the “SecureRoom Indemnitees”) from and against any and all claims, demands, actions, losses, liabilities, damages, costs, and expenses (including reasonable attorneys’ fees and court costs) arising out of or relating to:
a) the Customer Data as defined in Clause 1, including any alleged infringement of third-party Intellectual Property Rights as defined in Clause 1 or violation of applicable Laws;
b) the Customer’s or any User’s use of the Services in breach of this Agreement, including any unlawful or unauthorised activity; and
c) any misrepresentation, warranty, or covenant made by the Customer under this Agreement.

18.2 SecureRoom Indemnification
SecureRoom shall indemnify, defend and hold harmless the Customer and its officers, directors, employees and agents (collectively, the “Customer Indemnitees”) from and against any third-party claims, demands, or actions arising solely from a claim that the Services, as provided by SecureRoom, infringe any third-party Intellectual Property Rights, provided that:
a) the Customer promptly notifies SecureRoom in writing in accordance with Clause 27 (Notices) of such claim;
b) the Customer provides SecureRoom with reasonable assistance and authority to defend, compromise or settle the claim; and
c) the Customer does not admit liability or settle the claim without SecureRoom’s prior written consent.

18.3 Exclusions and Limitations
Notwithstanding Clause 18.2, SecureRoom shall have no obligation to indemnify the Customer for claims arising from Customer Data or content provided by the Customer, modifications to the Services made by anyone other than SecureRoom, or the Customer’s breach of this Agreement.

18.4 Remedies
The indemnifying Party shall bear all costs of defence, settlement, and damages awarded in connection with any indemnifiable claim, provided that the indemnified Party may participate in the defence at its own expense.

19. LIMITATION OF LIABILITY

19.1 Capped Liability

Except for liability arising from
a) a Party’s gross negligence or willful misconduct,
b) breach of confidentiality obligations under Clause 12 (Confidentiality), or
c) infringement of SecureRoom’s Intellectual Property Rights as defined in Clause 1,
the aggregate liability of SecureRoom under or in connection with this Agreement shall not exceed the total Fees as defined in Clause 1 actually paid by the Customer to SecureRoom during the Six (6) months immediately preceding the event giving rise to the claim.

19.2 Exclusion of Certain Damages
To the maximum extent permitted by applicable law, SecureRoom shall not be liable for any indirect, incidental, consequential, special, exemplary, punitive or loss-of-profit damages, even if SecureRoom has been advised of the possibility of such damages, arising out of or in connection with this Agreement, the Services, or the use or inability to use the Services.

19.3 Customer Acknowledgment
The Customer acknowledges and agrees that the limitations and exclusions of liability set forth in this Clause 19 constitute a fundamental basis of the bargain between the Parties, and that the Fees charged by SecureRoom reflect these limitations.

19.4 Exclusive Remedy
The remedies set forth in this Agreement, including corrective actions and indemnification as described in Clause 18 (Indemnification), constitute the Customer’s sole and exclusive remedies for any claims arising from the Services, except as otherwise expressly provided herein.

20. SERVICE LEVEL

20.1 Service Availability
SecureRoom shall use commercially reasonable efforts to make the Services available during each calendar month, excluding Permitted Downtime as defined in Clause 1, scheduled maintenance, force majeure events as described in Clause 30 (Force Majeure), outages caused by the Customer’s systems or network, urgent security updates, or failures of third-party services.

20.2 Scheduled Maintenance
SecureRoom may perform Scheduled Maintenance as defined in Clause 1 during off-peak hours, with reasonable prior notice to the Customer in accordance with Clause 27 (Notices). Such maintenance shall not be considered a breach of this Agreement unless explicitly agreed in writing.

20.3 Support
SecureRoom shall provide technical support to the Customer, including response times and escalation procedures as described in the Maintenance and Support as defined in Clause 1. Support is available to authorized Admins as defined in Clause 1 designated by the Customer.

20.4 Exclusions
SecureRoom shall not be liable for Service Level failures caused by
a) Customer Data or systems,
b) Customer’s use of the Services outside the scope of this Agreement, or
c) third-party services or components not controlled by SecureRoom as described in Clause 9 (Third Party Integrations and Sub-Processor).

21. TERM AND TERMINATION

21.1 Term
This Agreement shall commence on the Effective Date as defined in Clause 1 and shall continue for the duration of the Subscription Term as defined in Clause 1 specified in the order form, unless terminated earlier in accordance with this Clause 21.

21.2 Termination for Convenience
SecureRoom may terminate this Agreement for any reason upon thirty (30) days’ prior written notice to the Customer in accordance with Clause 27 (Notices).

21.3 Termination for Cause
Either Party may terminate this Agreement immediately upon written notice in accordance with Clause 27 (Notices) if the other Party:
a) materially breaches any of its obligations under this Agreement and fails to cure such breach within fifteen (15) days after receiving written notice thereof;
b) becomes insolvent, makes a general assignment for the benefit of creditors, or is subject to bankruptcy, liquidation, or similar proceedings; or
c) is compelled by applicable Law as defined in Clause 1, or a competent regulatory authority, to terminate this Agreement.

21.4 Effect of Termination
Upon termination or expiration of this Agreement:

a) the Customer’s right to access and use the Services shall immediately cease;
b) SecureRoom shall make Customer Data, as defined in Clause 1, available for retrieval by the Customer for a period of thirty (30) days following termination; thereafter, SecureRoom may delete or destroy all Customer Data in its possession, unless retention is required under applicable Law in accordance with Clause 11.3(f);
c) all outstanding Fees and other amounts due to SecureRoom shall become immediately payable in accordance with Clause 4 (Fees & Payment); and
d) the Parties shall return or destroy all Confidential Information as defined in Clause 1 of the other Party in accordance with Clause 12.4.

21.5 Survival
The provisions of Clauses 4 (Fees & Payment), 7 (Data Ownership), 11 (Data Privacy), 12 (Confidentiality), 13 (Intellectual Property), 18 (Indemnification), 19 (Limitation of Liability), 22 (No Waiver), and 29 (Governing Law and Jurisdiction) shall survive termination or expiration of this Agreement.

22. NO WAIVER

22.1 No failure or delay by either Party in exercising any right, power, or remedy under this Agreement shall operate as a waiver of such right, power, or remedy, nor shall any single or partial exercise of any right preclude any further exercise of that or any other right.

22.2 Any waiver of a right or remedy must be expressly provided in writing and signed by an authorized representative of the waiving Party in accordance with Clause 27 (Notices).

22.3 The failure of SecureRoom to enforce any provision of this Agreement at any time shall not be construed as a waiver of its rights to enforce such provision or any other provision at any time thereafter.

23. ASSIGNMENT

23.1 Customer Restrictions
The Customer shall not assign, transfer, or delegate any of its rights or obligations under this Agreement, in whole or in part, without the prior written consent of SecureRoom in accordance with Clause 27 (Notices), which may be withheld at SecureRoom’s sole discretion. Any attempted assignment without such consent shall be null and void.

23.2 SecureRoom Rights
SecureRoom may assign or transfer its rights and obligations under this Agreement, in whole or in part, without Customer consent:
a) in connection with a merger, acquisition, corporate reorganization, or sale of substantially all of its assets; or
b) to any Affiliate as defined in Clause 1 or successor entity, provided that the assignee assumes all obligations of SecureRoom under this Agreement.

23.3 Binding Effect
This Agreement shall be binding upon, and inure to the benefit of, the Parties and their respective permitted successors and assigns.

24. NOTICES

24.1 Form of Notices
All notices, requests, consents, claims, demands, waivers, and other communications under this Agreement (collectively, “Notices”) must be in writing and may include delivery by registered post, courier, hand delivery, or email.

24.2 Deemed Delivery
Notices shall be deemed to have been duly given:
a) if delivered by hand, upon receipt;
b) if sent by registered post or courier, three (3) business days after posting; or
c) if sent by email, upon transmission, provided that a confirmation of delivery is generated.

24.3 Addresses
Notices shall be sent to the Parties at the addresses set forth below (or to such other address or email as a Party may designate in writing):

SecureRoom

Address: Room No. 8, Chawl No. 1, Motibhai Desai Chawl, Ganesh
Nagar, Rawalpada, Dahisar East, Mumbai – 400068,
Maharashtra, India
Telephone: +918433733707
Email: Info@secureroom.ai
Attention: Mrs. Sunita Panchal

Customer
Address: [●]
Telephone: [●]
Email: [●]
Attention: [●]

24.4 Copy to Other Parties
Where applicable, any Notice sent to one Party shall also be marked to all other relevant Parties to ensure full awareness.
24.5 Effectiveness
This Clause 24 shall not limit or affect the validity or enforceability of Notices delivered in accordance with applicable Law.

25. INDEPENDENT CONTRACTOR

25.1 Relationship

The Parties acknowledge and agree that nothing in this Agreement shall be deemed to create an employer-employee, partnership, joint venture, or agency relationship between SecureRoom and the Customer or between SecureRoom and any User as defined in Clause 1. SecureRoom shall perform its obligations under this Agreement as an independent contractor.

25.2 No Authority
Neither Party shall have, nor represent that it has, any authority to bind or obligate the other Party in any manner, except as expressly provided in this Agreement.

25.3 Taxes and Benefits
Each Party shall be solely responsible for its own taxes, withholdings, and statutory or contractual benefits arising from its operations, employees, or contractors, and shall not hold the other Party liable for the same.

25.4 No Employment Rights
Users or Customer personnel shall not be deemed employees or agents of SecureRoom by virtue of their access to or use of the Services, and SecureRoom shall have no obligations to such individuals in relation to employment benefits, compensation, or other rights.

26. CHANGES TO THIS AGREEMENT

26.1 Right to Amend

SecureRoom reserves the right, at its sole discretion, to modify, update, or amend this Agreement at any time, including the annexures, schedules, or fees, to reflect changes in law, regulatory requirements, business practices, or enhancements to the Services.

26.2 Notice of Changes
SecureRoom shall provide the Customer with reasonable notice of material changes, including by posting the updated Agreement on its website or sending notice to the Customer’s registered email address in accordance with Clause 27 (Notices).

26.3 Effect of Continued Use
The Customer’s continued use of the Services after the effective date of any amendments constitutes acceptance of such amendments. If the Customer does not agree with the amended terms, the Customer may terminate the Agreement in accordance with Clause 21 (Term and Termination).

26.4 No Retroactive Effect
Changes to this Agreement shall not affect rights or obligations that arose prior to the effective date of such changes, unless expressly stated otherwise.

27. FORCE MAJEURE

27.1 Definition

Neither Party shall be liable for any failure or delay in performing its obligations under this Agreement (except payment obligations as described in Clause 4 (Fees & Payment)) if such failure or delay is caused by an event beyond the reasonable control of the affected Party, including but not limited to acts of God, natural disasters, fire, flood, earthquake, pandemic, acts of war or terrorism, civil unrest, government action or regulation, strikes or labor disputes, power outages, telecommunication or internet failures, or failures of third-party service providers (“Force Majeure Event”).

27.2 Notice and Mitigation
The affected Party shall:
a) promptly notify the other Party in writing in accordance with Clause 27 (Notices) of the occurrence of the Force Majeure Event; and
b) use commercially reasonable efforts to mitigate the impact of the Force Majeure Event and resume performance of its obligations as soon as practicable.

27.3 Suspension of Obligations
During the continuance of a Force Majeure Event, the obligations of the affected Party shall be suspended to the extent directly affected by such event.

27.4 Termination for Prolonged Force Majeure
If the Force Majeure Event continues for a period exceeding sixty (30) days, either Party may terminate this Agreement upon written notice to the other Party in accordance with Clause 27 (Notices), without liability, except for obligations accrued prior to the Force Majeure Event.

27.5 No Waiver of Fees
Customer shall remain liable for all Fees as defined in Clause 1 due and payable for Services performed prior to or during a Force Majeure Event.

28. COUNTERPARTS

28.1 This Agreement may be executed in two or more counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same instrument.

28.2 Signatures delivered by electronic means, including PDF, scanned copy, or other digital formats, shall be deemed to have the same legal effect as original signatures.

28.3 No Party shall raise any objection to the validity or enforceability of this Agreement solely on the basis that it was executed in counterparts or electronically.

29. GOVERNING LAW AND JURISDICTION

29.1 Governing Law

This Agreement, including its formation, validity, interpretation, performance, and enforcement, shall be governed by and construed in accordance with the laws of the Republic of India, without regard to its conflict of laws principles.

29.2 Exclusive Jurisdiction
Subject to Clause 18 (Indemnification), the Parties irrevocably submit to the exclusive jurisdiction of the courts of Mumbai, India, for the resolution of any dispute, claim, or controversy arising out of or in connection with this Agreement.

29.3 Waiver of Other Jurisdictions
Each Party waives any objection to venue, jurisdiction, or inconvenient forum in any action or proceeding brought in accordance with this Clause 30.

29.4 Interim Relief
Nothing in this Clause 30 shall prevent SecureRoom from seeking injunctive or other equitable relief in any jurisdiction to protect its Intellectual Property Rights as defined in Clause 1, Confidential Information as defined in Clause 1, or other proprietary interests.

29.5 Third-Party Terms and Conditions

a) Direct Relationship: The Customer acknowledges that its use of Third-Party Applications/Services creates a direct legal relationship between the Customer and the respective third-party providers, independent of this Agreement.
b) Third-Party Terms Apply: The Customer agrees to comply with all applicable terms of service, privacy policies, and acceptable use policies of third-party providers and acknowledges that violation of such terms may result in suspension or termination of third-party services.
c) No SecureRoom Involvement: SecureRoom shall not be a party to any dispute between the Customer and third-party providers and shall have no obligation to mediate, resolve, or participate in such disputes.

30. SEVERABILITY

30.1 If any provision or any portion of a provision of this Agreement is held to be invalid, illegal, or unenforceable under any applicable law, such invalidity, illegality, or unenforceability shall not affect the validity, legality, or enforceability of the remaining provisions, which shall continue in full force and effect.

30.2 The Parties shall use commercially reasonable efforts to negotiate in good faith a substitute provision that is valid and enforceable and closest in intent and economic effect to the original invalid or unenforceable provision.

30.3 The substitution shall preserve the rights, remedies, and obligations of the Parties under this Agreement to the maximum extent possible.

31. ENTIRE AGREEMENT

31.1 This Agreement, including all annexures, schedules, and any documents expressly incorporated by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior or contemporaneous understandings, agreements, negotiations, and communications, whether written or oral, relating to such subject matter.

31.2 No representation, promise, or inducement not expressly set forth in this Agreement shall be binding on either Party.

31.3 Any amendment, modification, or waiver of any provision of this Agreement must be in writing and signed by an authorized representative of the Party against whom enforcement is sought as described in Clause 26 (Changes to This Agreement).

ANNEXURE A — MAINTENANCE AND SUPPORT

A.1 Support Services

• Technical support available during business hours (9 AM – 6 PM IST, Monday to Friday)
• Response times: Critical issues within 4 hours, general inquiries within 24 hours
• Support channels: Email, phone, and online portal
• Escalation procedures for unresolved issues

A.2 Maintenance Activities

• Regular system updates and security patches
• Performance monitoring and optimization
• Backup and disaster recovery procedures
• Scheduled maintenance with advance notice as per Clause 20.2

A.3 Customer Responsibilities
• Provide necessary information for troubleshooting
• Designate authorized contacts for support requests
• Follow recommended usage guidelines and best practices