Master Services Agreement

1.1 Provider / Pintor Project: Pintor Project Co., a Delaware corporation, develops and operates software, consulting, and managed services under the Pintor Project brand. The Provider's details are specified in applicable Service Orders.

1.2 Customer: Any natural or legal entity contracting Services through Service Orders, proposals, or self-serve signup.

1.3 Services: Any Pintor Project offering subscribed or contracted by the Customer, including (a) consulting and advisory services; (b) Microsoft Cloud Solution Provider (CSP) services, including Azure subscription provisioning and managed cloud operations; (c) professional and custom development services; (d) Software-as-a-Service products operated by Pintor Project, including but not limited to Auralytik (conversation intelligence) and FlowGuard (automated UAT). Specific SaaS products are additionally governed by product-specific Master Agreements available on each product's website.

1.4 Platform: The technology infrastructure, hosted primarily on Microsoft Azure, that supports Pintor Project's SaaS products and managed services.

1.5 Service Order / Statement of Work / Commercial Proposal: Documents detailing contracted services, scope, volumes, service levels, fees, currency, and particular conditions.

1.6 Customer Data: Information uploaded, transmitted, or made accessible to the Provider through the Services.

1.7 Principal: Third parties for whose benefit the Services are provided through the Customer.

1.8 Personal Data and Data Subject: Information relating to identified or identifiable natural persons, governed by CCPA/CPRA, GDPR (for EEA residents), and other applicable data-protection laws.

1.9 Data Protection and Cybersecurity Regulations: Applicable laws governing Personal Data processing and security obligations, including CCPA/CPRA, GDPR, federal sectoral frameworks, and industry-specific regulations.

1.10 Business Day: Monday through Friday, excluding U.S. federal holidays.

2.1 This document is the Master Services Agreement between Pintor Project and the Customer, covering all Pintor Project services as described in Section 1.3.

2.2 Service Orders, Statements of Work, and self-serve plans are integral parts of this Master Agreement, detailing technical characteristics and commercial conditions.

2.3 Precedence order: (a) specific Service Order or Statement of Work with technical annexes; (b) product-specific Master Agreement (for SaaS products); (c) this Master Services Agreement; (d) complementary policies, Privacy Policy, Acceptable Use Policy, Sub-processor list, and technical documentation.

2.4 Acceptance occurs through (i) physical or electronic signature of this document or a referencing Service Order, or (ii) activation, registration, or use of the Services, whichever occurs first.

3.1 Pintor Project grants a non-exclusive, non-transferable, revocable, and limited license to access and use the Services subscribed under a Service Order for the agreement term.

3.2 The license applies solely to the Customer's and its Principals' own business purposes.

3.3 Prohibited activities without prior written authorization:

• Sub-licensing, renting, leasing, reselling, or making Services available to third parties, except to Principals;
• Decompiling, disassembling, reverse-engineering, or deriving source code from any Pintor Project software or platform;
• Circumventing security or access-control mechanisms;
• Using Services for illegal activities or contrary to regulations or the Acceptable Use Policy.

3.4 The Services are provided "as is" and "as available". AI-powered features (where applicable) carry statistical error margins and cannot be considered infallible or interpreted as legal, financial, or regulatory advice.

4.1 Pintor Project may require background information and compliance declarations to assess risk and regulatory compliance.

4.2 The Provider may classify Customers by risk level and condition module enablement on additional information or reinforced controls.

4.3 Access suspension or denial occurs when:

• Customer fails to provide sufficient information;
• Uses contrary to Terms, Acceptable Use Policy, or regulations are detected;
• Well-founded indications of fraud or cybersecurity incidents exist.

4.4 Customers remain responsible for payment obligations accrued prior to suspension or termination.

5.1 The Customer acts as Data Controller; Pintor Project acts as Data Processor under CCPA/CPRA, GDPR, and equivalent regulations.

5.2 The Customer warrants holding all necessary rights, notices, consents, and authorizations from Data Subjects for Provider processing. The Customer is solely responsible for ensuring data provided to or processed through the Services complies with applicable data-protection and telecom laws.

5.3 Indemnity. The Customer indemnifies the Provider against fines, sanctions, or claims arising from lack of consent or authorization regarding Customer Data.

5.4 Pintor Project may suspend Services for flagrant breaches without prejudice to termination rights or damages claims.

6.1 The Customer acts as Data Controller; Pintor Project as Data Processor under CCPA/CPRA, GDPR, and other applicable regulations.

6.2 Personal Data is processed exclusively for (a) performing and improving contracted Services; (b) maintaining, monitoring, and securing the Platform and delivery infrastructure; (c) complying with legal obligations; (d) improving AI models on anonymized or aggregated data only, never for training third-party foundation models.

6.3 Authorized Sub-processors:

• Microsoft Corporation (Azure, USA): cloud hosting, infrastructure, and Microsoft platform services used across all Pintor Project services;
• Microsoft Corporation (Microsoft 365 / Entra ID, USA): authentication, email, and collaboration services for Pintor Project staff and Customer interactions;
• Product-specific sub-processors: each Pintor Project SaaS product (Auralytik, FlowGuard, etc.) maintains its own sub-processor list at the product's website. Refer to the specific product's Sub-processors page for the complete list applicable to that product;
• Future sub-processors maintaining equivalent security and compliance standards, with at least 30 days' advance notice to Customers with contractual notification requirements.

6.4 International transfers. Customer Data may be stored and processed in data centers in the United States (primary) and, for EU-contracted Customers, the European Union, complying with applicable regulations and Standard Contractual Clauses.

6.5 Information security: Pintor Project implements reasonable technical and organizational measures including encryption in transit and at rest, least-privilege access, multi-factor authentication, access/event logging, periodic security audits, and incident-management procedures.

6.6 Incident notification: upon security incidents significantly affecting Customer Data confidentiality, integrity, or availability, Pintor Project notifies the Customer without undue delay with sufficient information.

6.7 Data Subject rights: requests sent directly to the Provider are forwarded to the Customer unless applicable law imposes direct Provider obligations.

6.8 Retention and deletion: upon Customer written request, Pintor Project deletes or returns Customer Data within reasonable time, except where retention is legally required.

7.1 Service-Specific Terms. Specific Pintor Project services may be governed by additional terms that supplement or, to the extent expressly indicated, supersede this Master Agreement:

• (a) SaaS Products. Each Pintor Project Software-as-a-Service product is governed by its own product-specific Master Agreement, available at the product's website (for example, auralytik.com/eula for Auralytik). Where the Customer subscribes to a SaaS product, the product-specific Master Agreement governs use of that product and supersedes this Master Agreement for matters specific to that product.
• (b) Microsoft CSP Services. Microsoft Cloud Solution Provider services (Azure subscription provisioning, managed cloud operations, and related Microsoft services) are additionally governed by the Microsoft Customer Agreement (MCA), to which the Customer agrees as a condition of using such services. Pintor Project acts as Microsoft's authorized Cloud Solution Provider.
• (c) Consulting and Professional Services. Consulting, advisory, custom development, and professional services are governed by this Master Agreement together with the applicable Service Order, Statement of Work, or proposal accepted by the Customer.

7.2 Order of Precedence. In case of conflict between documents: (i) specific Service Order or Statement of Work; (ii) product-specific Master Agreement (for SaaS products); (iii) this Master Services Agreement; (iv) complementary policies (Privacy Policy, Acceptable Use Policy, sub-processor lists, technical documentation).

8.1 Keep contact details, billing information, and authorized users current.

8.2 Implement internal privacy, security, and usage policies consistent with regulations and this contract.

8.3 Properly manage user access credentials using strong passwords, MFA, and additional controls.

8.4 Do not introduce malicious code or conduct penetration tests affecting Services stability or security without prior written authorization.

8.5 Reasonably cooperate with Pintor Project in incident investigations and applicable sector audits.

9.1 Pintor Project retains exclusive intellectual-property rights over its platforms, products, Services, source and object code, algorithms, AI models, trademarks, trade names, logos, and associated intangible assets.

9.2 This contract grants only usage licenses, not intellectual-property transfers.

9.3 Reports, metrics, dashboards, and generated information constitute Customer information, without prejudice to Pintor Project's right to reuse derived patterns and insights on anonymized, aggregated bases.

9.4 The Customer may not remove, hide, or alter copyright notices, trademarks, or rights indications.

10.1 Fees, currency, billing mode, discounts, and commercial conditions are established in corresponding Service Orders, Statements of Work, or self-subscription pricing pages at contracting time.

10.2 Unless otherwise indicated, prices are net, with applicable sales tax, VAT, or other taxes added.

10.3 Pintor Project issues invoices at indicated periodicity; Customer pays within indicated terms. Self-serve plans bill monthly via the payment processor identified in the relevant Service Order.

10.4 Payment delays entitle Pintor Project to:

• Accrue default interest at maximum permitted rates under applicable law;
• Suspend Services totally or partially;
• Terminate for arrears exceeding 30 calendar days.

10.5 The Customer bears responsibility for banking charges, international-transfer costs, and payment-method expenses unless otherwise agreed.

11.1 Pintor Project makes commercially reasonable efforts ensuring availability consistent with applicable industry standards. Specific levels may be defined in technical annexes or Service Orders.

11.2 Technical support is provided through hours and channels described at pintorproject.com/support and in applicable Service Orders.

11.3 Temporary interruptions from scheduled maintenance, technical contingencies, or incidents outside the Provider's reasonable control do not constitute breach if reasonable mitigation measures are adopted.

12.1 Each party represents having legal capacity to enter this contract.

12.2 Pintor Project represents:

• It holds necessary rights to provide the Services;
• It implements security measures per clause 6;
• It makes commercially reasonable efforts for Services to function per technical documentation.

12.3 Customer represents:

• It has reviewed technical documentation;
• It understands scope and AI limitations (where applicable);
• It has determined Services adequacy for its purposes.

12.4 To maximum extent permitted by law, Pintor Project grants no additional warranties, express or implied, beyond those expressly stated.

13.1 To the maximum extent permitted by Delaware law, Pintor Project is not liable for:

• indirect, incidental, special, consequential, or punitive damages or lost profits;
• data loss except from willful misconduct or gross negligence;
• business decisions based exclusively on Service outputs without additional validation.

13.2 Pintor Project's total accumulated liability is limited to amounts actually paid by the Customer during the three months immediately preceding the claim.

13.3 This limitation does not apply to duly proven willful misconduct or gross negligence.

14.1 Each party maintains strict confidence over technical, commercial, financial, or other confidential information.

14.2 The obligation continues during the contract and five years after termination.

14.3 Exceptions:

• Publicly available information without breach;
• Legitimately known pre-disclosure;
• Disclosed by third parties without confidentiality obligations;
• Required by legal mandate.

15.1 Neither party is liable for failures from force majeure or fortuitous events such as natural disasters, authority acts, telecommunications failures, wars, pandemics, or massive cyberattacks affecting third-party infrastructure.

15.2 The affected party informs the other within reasonable time and adopts mitigation measures.

16.1 The contract enters force upon acceptance and remains effective while active Service Orders exist or the Customer maintains access to Services.

16.2 Either party may terminate without cause through written notice with minimum 30 calendar days advance notice.

16.3 Pintor Project may terminate immediately upon:

• Customer material breach;
• Services use contrary to data-protection regulations or Acceptable Use Policy;
• Customer insolvency or liquidation.

16.4 Upon termination, Pintor Project deletes or returns Customer Data per clause 6.8.

17.1 Pintor Project may improve, update, or modify Services provided no substantial committed service-level reduction occurs.

17.2 Material Terms modifications are communicated with reasonable advance notice (minimum 30 days).

17.3 Continued Services use after that period deems modifications accepted. Otherwise, the Customer may terminate per clause 16.2.

18.1 The Customer cannot assign or transfer rights or obligations without Provider prior written authorization.

18.2 Pintor Project may assign this contract to related companies or business purchasers upon prior Customer notice.

18.3 Pintor Project remains responsible to the Customer for proper Services execution.

18.4 Authorized distributors. Pintor Project may authorize regional distributors to invoice and contract directly with customers in specific territories for one or more Pintor Project services. Where a Customer contracts through an authorized distributor, the distributor's invoice or service agreement governs the commercial relationship, while this Master Agreement governs the use of the Services unless the distributor's agreement specifies otherwise. The current list of authorized distributors is available on request from legal@pintorproject.com.

19.1 All notices are written to parties' indicated physical or electronic addresses. Legal notices to the Provider go to legal@pintorproject.com.

19.2 Each party keeps contact information current.

20.1 This contract is governed by Delaware law without regard to conflict-of-laws provisions.

20.2 Any disputes arising from or relating to this contract submit to exclusive jurisdiction of Delaware state and federal courts, with parties waiving other applicable jurisdictions.