Master SaaS Services Agreement

1.1 Provider / Pintor Project: Pintor Project Co., a Delaware corporation, develops and operates Auralytik, a conversation intelligence and audit platform. The Provider's details are specified in applicable Service Orders.

1.2 Customer: Any natural or legal entity contracting Services through Service Orders, proposals, or self-serve signup.

1.3 Services / Auralytik: A SaaS platform for conversation intelligence, including call audit and scoring, transcript analysis, sentiment and compliance indicators, AI agents, voicebots, integrations with CRM and ticketing systems, dashboards, APIs, and (when subscribed) biometric verification components.

1.4 Platform: The Provider's technology infrastructure, hosted primarily on Microsoft Azure and authorized providers.

1.5 Service Order / Commercial Proposal: Documents detailing contracted plans, scope, volumes, service levels, fees, currency, and particular conditions.

1.6 Customer Data: Information uploaded or transmitted to the Provider through the Services, including call audio, transcripts, agent and bot interaction logs, evaluation outputs, and metrics.

1.7 Principal: Third parties for whose benefit the Services are provided through the Customer.

1.8 Personal Data and Data Subject: Information relating to identified or identifiable natural persons, governed by CCPA/CPRA, GDPR (for EEA residents), and other applicable data-protection laws.

1.9 Data Protection and Cybersecurity Regulations: Applicable laws governing Personal Data processing and security obligations, including CCPA/CPRA, GDPR, federal sectoral frameworks, and industry-specific regulations.

1.10 Business Day: Monday through Friday, excluding U.S. federal holidays.

2.1 This document is the Master SaaS Services Agreement between Pintor Project and the Customer regarding Auralytik.

2.2 Service Orders and self-serve plans are integral parts of this Master Agreement, detailing technical characteristics and commercial conditions.

2.3 Precedence order: (a) specific Service Order with technical annexes; (b) this Master Agreement; (c) complementary policies, Privacy Policy, Acceptable Use Policy, Sub-processor list, and technical documentation.

2.4 Acceptance occurs through (i) physical or electronic signature of this document or a referencing Service Order, or (ii) activation, registration, or use of the Platform, whichever occurs first.

3.1 Pintor Project grants a non-exclusive, non-transferable, revocable, and limited license to access and use Auralytik for the agreement term.

3.2 The license applies solely to the Customer's and its Principals' own business purposes.

3.3 Prohibited activities without prior written authorization:

• Sub-licensing, renting, leasing, reselling, or making Services available to third parties, except to Principals;
• Decompiling, disassembling, reverse-engineering, or deriving source code;
• Circumventing security or access-control mechanisms;
• Using Services for illegal activities or contrary to regulations or the Acceptable Use Policy.

3.4 The Services are provided "as is" and "as available." As an AI-assisted service, Auralytik outputs carry statistical error margins and cannot be considered infallible or interpreted as legal, financial, or regulatory advice.

4.1 Pintor Project may require background information and compliance declarations to assess risk and regulatory compliance.

4.2 The Provider may classify Customers by risk level and condition module enablement on additional information or reinforced controls.

4.3 Access suspension or denial occurs when:

• Customer fails to provide sufficient information;
• Uses contrary to Terms, Acceptable Use Policy, or regulations are detected;
• Well-founded indications of fraud or cybersecurity incidents exist.

4.4 Customers remain responsible for payment obligations accrued prior to suspension or termination.

5.1 The Customer acts as Data Controller; Pintor Project acts as Data Processor under CCPA/CPRA, GDPR, and equivalent regulations.

5.2 The Customer warrants holding all necessary rights, notices, consents, and authorizations from Data Subjects for Provider processing. The Customer is solely responsible for ensuring conversations, recordings, and data comply with telecom recording laws, two-party-consent laws, and applicable data-protection laws.

5.3 Indemnity. The Customer indemnifies the Provider against fines, sanctions, or claims arising from lack of consent or authorization regarding Customer Data.

5.4 Pintor Project may suspend Services for flagrant breaches without prejudice to termination rights or damages claims.

6.1 The Customer acts as Data Controller; Pintor Project as Data Processor under CCPA/CPRA, GDPR, and other applicable regulations.

6.2 Personal Data is processed exclusively for (a) performing and improving contracted Services; (b) maintaining, monitoring, and securing the Platform; (c) complying with legal obligations; (d) improving AI models on anonymized or aggregated data only, never for training third-party foundation models.

6.3 Authorized Sub-processors:

• Microsoft Corporation (Azure, USA): hosting, SQL databases, blob storage, authentication (Entra ID), Communication Services Email, Application Insights, Azure AI Speech, Azure AI Language, Azure OpenAI Service, and Power BI;
• Stripe, Inc. (USA): card payment processing, subscription management, and self-service billing portal, used only on self-serve plans;
• ElevenLabs Inc. (USA): AI voice synthesis, used only when voicebot or synthesized-voice features are active for the Customer's account;
• Twilio Inc. (USA): WhatsApp Business API messaging via Twilio's aggregator service, used when the Customer enables WhatsApp Business through Twilio;
• Meta Platforms, Inc. (USA): WhatsApp Business Platform messaging, used when the Customer enables WhatsApp Business directly through Meta;
• Future sub-processors maintaining equivalent security and compliance standards, with at least 30 days' advance notice to Customers with contractual notification requirements.

6.4 International transfers. Customer Data may be stored and processed in data centers in the United States (primary) and, for EU-contracted Customers, the European Union, complying with applicable regulations and Standard Contractual Clauses.

6.5 Information security: Pintor Project implements reasonable technical and organizational measures including encryption in transit and at rest, least-privilege access, multi-factor authentication, access/event logging, periodic security audits, and incident-management procedures.

6.6 Incident notification: upon security incidents significantly affecting Customer Data confidentiality, integrity, or availability, Pintor Project notifies the Customer without undue delay with sufficient information.

6.7 Data Subject rights: requests sent directly to the Provider are forwarded to the Customer unless applicable law imposes direct Provider obligations.

6.8 Retention and deletion: upon Customer written request, Pintor Project deletes or returns Customer Data within reasonable time, except where retention is legally required.

7.1 Conversation Intelligence and Auralytik Auditing. The Customer acknowledges that, although the Platform includes tools for detection and obfuscation of sensitive data (PCI, PII, and similar), no system is infallible. The Customer is responsible for (i) avoiding, to the extent reasonable, the unnecessary inclusion of highly sensitive data in recordings or interactions sent to the Platform, and (ii) accepting the residual risk associated with the processing of such data. Audit results (KPIs, sentiment analysis, compliance indicators, and similar outputs) are decision-support tools for the Customer's internal management and the management of its Principals; they do not replace human controls or the Customer's regulatory obligations.

8.1 Keep contact details, billing information, and authorized users current.

8.2 Implement internal privacy, security, and usage policies consistent with regulations and this contract.

8.3 Properly manage user access credentials using strong passwords, MFA, and additional controls.

8.4 Do not introduce malicious code or conduct penetration tests affecting Services stability or security without prior written authorization.

8.5 Reasonably cooperate with Pintor Project in incident investigations and applicable sector audits.

9.1 Pintor Project retains exclusive intellectual-property rights over the Platform, Auralytik, Services, source and object code, algorithms, AI models, trademarks, trade names, logos, and associated intangible assets.

9.2 This contract grants only usage licenses, not intellectual-property transfers.

9.3 Reports, metrics, dashboards, and generated information constitute Customer information, without prejudice to Pintor Project's right to reuse derived patterns and insights on anonymized, aggregated bases.

9.4 The Customer may not remove, hide, or alter copyright notices, trademarks, or rights indications.

10.1 Fees, currency, billing mode, discounts, and commercial conditions are established in corresponding Service Orders or self-subscription pricing pages at contracting time.

10.2 Unless otherwise indicated, prices are net, with applicable sales tax, VAT, or other taxes added.

10.3 Pintor Project issues invoices at indicated periodicity; Customer pays within indicated terms. Self-serve plans bill monthly via the payment processor identified in the relevant Service Order.

10.4 Payment delays entitle Pintor Project to:

• Accrue default interest at maximum permitted rates under applicable law;
• Suspend Services totally or partially;
• Terminate for arrears exceeding 30 calendar days.

10.5 The Customer bears responsibility for banking charges, international-transfer costs, and payment-method expenses unless otherwise agreed.

11.1 Pintor Project makes commercially reasonable efforts ensuring availability consistent with SaaS-industry standards. Specific levels may be defined in technical annexes or Enterprise Service Orders.

11.2 Technical support is provided through hours and channels described at auralytik.com/support and in applicable Service Orders.

11.3 Temporary interruptions from scheduled maintenance, technical contingencies, or incidents outside the Provider's reasonable control do not constitute breach if reasonable mitigation measures are adopted.

12.1 Each party represents having legal capacity to enter this contract.

12.2 Pintor Project represents:

• It holds Platform licensing rights;
• It implements security measures per clause 6;
• It makes commercially reasonable efforts for Services to function per technical documentation.

12.3 Customer represents:

• It has reviewed technical documentation;
• It understands scope and AI limitations;
• It has determined Services adequacy for its purposes.

12.4 To maximum extent permitted by law, Pintor Project grants no additional warranties, express or implied, beyond those expressly stated.

13.1 To the maximum extent permitted by Delaware law, Pintor Project is not liable for:

• indirect, incidental, special, consequential, or punitive damages or lost profits;
• data loss except from willful misconduct or gross negligence;
• business decisions based exclusively on Service outputs without additional validation.

13.2 Pintor Project's total accumulated liability is limited to amounts actually paid by the Customer during the three months immediately preceding the claim.

13.3 This limitation does not apply to duly proven willful misconduct or gross negligence.

14.1 Each party maintains strict confidence over technical, commercial, financial, or other confidential information.

14.2 The obligation continues during the contract and five years after termination.

14.3 Exceptions:

• Publicly available information without breach;
• Legitimately known pre-disclosure;
• Disclosed by third parties without confidentiality obligations;
• Required by legal mandate.

15.1 Neither party is liable for failures from force majeure or fortuitous events such as natural disasters, authority acts, telecommunications failures, wars, pandemics, or massive cyberattacks affecting third-party infrastructure.

15.2 The affected party informs the other within reasonable time and adopts mitigation measures.

16.1 The contract enters force upon acceptance and remains effective while active Service Orders exist or the Customer maintains Platform access.

16.2 Either party may terminate without cause through written notice with minimum 30 calendar days advance notice.

16.3 Pintor Project may terminate immediately upon:

• Customer material breach;
• Services use contrary to data-protection regulations or Acceptable Use Policy;
• Customer insolvency or liquidation.

16.4 Upon termination, Pintor Project deletes or returns Customer Data per clause 6.8.

17.1 Pintor Project may improve, update, or modify Services provided no substantial committed service-level reduction occurs.

17.2 Material Terms modifications are communicated with reasonable advance notice (minimum 30 days).

17.3 Continued Services use after that period deems modifications accepted. Otherwise, the Customer may terminate per clause 16.2.

18.1 The Customer cannot assign or transfer rights or obligations without Provider prior written authorization.

18.2 Pintor Project may assign this contract to related companies or business purchasers upon prior Customer notice.

18.3 Pintor Project remains responsible to the Customer for proper Services execution.

18.4 Authorized distributors. Pintor Project may authorize regional distributors to invoice and contract directly with customers in specific territories. Where a Customer contracts through an authorized distributor, the distributor's invoice or service agreement governs the commercial relationship, while this Master Agreement governs the use of the Platform unless the distributor's agreement specifies otherwise. The current list of authorized distributors is available on request from legal@auralytik.com.

19.1 All notices are written to parties' indicated physical or electronic addresses, including Platform messaging modules. Legal notices to the Provider go to legal@auralytik.com.

19.2 Each party keeps contact information current.

20.1 This contract is governed by Delaware law without regard to conflict-of-laws provisions.

20.2 Any disputes arising from or relating to this contract submit to exclusive jurisdiction of Delaware state and federal courts, with parties waiving other applicable jurisdictions.