End User License Agreement

This Agreement is entered into between GreyIP Technologies Inc. d/b/a Beacon Technology Group ("Company") and the End User Customer Entity ("Customer"), each as specified in the Order Form to which this Agreement relates. The Order Form, once accepted by Company, is hereby incorporated into and made a part of this Agreement by reference.

Company and Customer may be collectively referred to herein as the "Parties," and each individually as a "Party."

1. Definitions

"Affiliate" means, with respect to either Party, any entity that, directly or indirectly, controls, is controlled by, or is under common control with a party to this Agreement, where control means the power to direct the affairs or management of such entity, whether through the ownership of more than fifty percent (50%) of the voting securities, by contract, as trustee or executor.

"Channel Partner" means a Company-authorized distributor, reseller, or other channel partner for the Software.

"Customer Data" means any data or information inputted or uploaded to the Software by or on behalf of Customer, or otherwise integrated with the Software via an API, or data belonging to Customer's applications within the environment in which the Software is installed (such as application metadata).

"Software" means Company's software as a service solutions, including but not limited to the CYFAX, PREVENT, and ARETE platforms, as described in Schedule A.

"Subscription Scope" means any Software usage and/or consumption limitations and parameters (for example, as to volume of Users, domains and assets, notifications, API access, Features, duration) set forth in the Order Form.

"Users" means an employee of Customer (or its Affiliates, as permitted hereunder) authorized to access and use the Software, whose email address is associated with the Customer's domain.

2. Subscription

2.1 General

Subject to the terms and conditions of this Agreement and the Order Form, including the Subscription Scope, Company grants Customer a limited, worldwide, non-exclusive, non-assignable (except as provided in Section 13.3), non-sublicensable, non-transferable right and license, during the Subscription Term, to access and use the Software solely for Customer's internal end-use (collectively, the "Subscription").

2.2 Account Setup

Commencing promptly following the Start Date, Company shall perform the initial Software setup activities. Customer shall fully cooperate with Company in such efforts and shall provide Company with all information, access, and other resources necessary to achieve the Initial Setup. Customer represents and warrants that all information submitted during the Initial Setup process is, and will thereafter remain, complete and accurate.

2.3 Hosting

The Software will be hosted by third-party hosting services providers (currently, Amazon Web Services and Microsoft Azure) selected by Company (each a "Hosting Provider"), and accordingly the availability of the Software shall be in accordance with the Hosting Provider's then-current uptime commitments.

2.4 Restrictions

As a condition to the Subscription, Customer shall not:

• Copy, "frame," or "mirror" the Software
• Sell, assign, transfer, lease, rent, sublicense, or otherwise distribute the Software to any third party
• Modify, alter, adapt, arrange, or translate the Software
• Decompile, disassemble, decrypt, reverse engineer, or attempt to discover the source code
• Remove, alter, or conceal any proprietary rights notices
• Circumvent, disable, or interfere with security-related features
• Store or transmit any malware, Trojan horse, spyware, or similar malicious item
• Take any action that imposes an unreasonable load on the infrastructure
• Use the Software, or any output, results, scan data, or intelligence derived from the Software, for any purpose covered by the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq., or any state analog thereof, including but not limited to making decisions regarding any individual's eligibility for credit, insurance, employment, housing, or other FCRA-regulated purposes
• Redistribute, resell, or otherwise provide raw Software output, scan data, or threat intelligence reports relating to any third-party organization (i.e., an organization other than Customer) to any party outside Customer's organization without the prior written authorization of the subject organization

3. Purchases via Channel Partners

If Customer is purchasing the Subscription through a Channel Partner:

• The "Order Form" shall be the order issued by the Channel Partner to Company
• Customer will pay the applicable amounts to the Channel Partner, as agreed between Customer and the Channel Partner
• Company may suspend or terminate Customer's Subscription if Company does not receive payment from the Channel Partner
• The Channel Partner is not authorized to make any promises or commitments on Company's behalf

4. Support Services

During the Subscription Term, and subject to Customer's payment of the Fees, Company shall provide its then-current, standard Software technical support and maintenance services ("Support Services"), as described in the Order Form.

As part of Support Services, Company may, from time to time, modify and replace Features and user interface of the Software to improve functionality.

5. Payment

Customer shall pay Company the Subscription fees and any other fees or charges specified in the Order Form. Unless expressly stated otherwise:

• All Fees are stated and are to be paid in US Dollars
• All payments under this Agreement are non-refundable
• All Fees are payable in advance and shall be paid within ten (10) days of Company's issuance of invoice
• Any amount not paid when due will accrue interest at the lesser of 1.5% per month and the highest amount permitted by law

Company reserves the right to suspend or cease provision of the Software if Customer is seven (7) days or more overdue on a payment.

6. Ownership

Company (and/or its licensors) is, and shall be, the sole and exclusive owner of all right, title, and interest in and to: (a) the Software and all related intellectual property; (b) its Confidential Information; (c) any Output (non-Customer-identifying information, data, reporting, analyses, and intelligence relating to the operation, support, and Customer's use of the Software); (d) any Feedback; and (e) any improvements, derivative works, and modifications thereof.

7. Privacy & Data Protection

Beacon's handling of personal data is governed by this Agreement and our Privacy Policy. The capacity in which Beacon processes personal data depends on the specific processing activity:

• Processor: With respect to Customer Data that Customer inputs or uploads to the Software (including PREVENT endpoint telemetry, CYFAX monitoring inputs, and VIP identities), Beacon acts as a Data Processor under the EU General Data Protection Regulation 2016/679 ("GDPR") and Service Provider under the California Consumer Privacy Act ("CCPA"), processing such data on Customer's behalf in accordance with Customer's documented instructions.
• Controller: With respect to threat intelligence that Beacon independently collects from public sources, honeypot infrastructure, and deception technology, and with respect to corporate website visitor data, Beacon acts as a Data Controller.

Where Beacon acts as Processor, Beacon commits to:

• Processing such data only under Customer's documented instructions and in compliance with GDPR, CCPA, and other applicable data protection laws
• Implementing appropriate technical and organizational safeguards to protect the data
• Assisting Customer in addressing data subject rights requests
• Promptly informing Customer of any data subject requests received directly by Beacon
• Notifying Customer of any confirmed personal data breach affecting Customer Data within seventy-two (72) hours of Beacon's confirmation of the breach

For processing of Customer Data that qualifies as Personal Data under GDPR or Personal Information under CCPA, the Parties shall execute a Data Processing Addendum (DPA) on request of either Party, which shall form part of this Agreement. In the absence of an executed DPA, the commitments in this Section 7 shall serve as the data processing terms between the Parties.

8. Confidentiality

Each Party (the "Recipient") may have access to certain non-public or proprietary information and materials of the other Party (the "Discloser"), whether in tangible or intangible form ("Confidential Information").

The Recipient shall not disclose or make available the Discloser's Confidential Information to any third party, except to its employees, contractors, advisers, agents, and investors, subject to substantially similar written confidentiality undertakings.

Recipient shall take commercially reasonable measures to protect the Discloser's Confidential Information from disclosure to a third party and shall use such information solely for the purposes expressly permitted under this Agreement.

9. Disclaimers

THE SOFTWARE, SERVICES, OUTPUT, AS WELL AS ANY OTHER GOODS AND SERVICES PROVIDED OR MADE AVAILABLE BY COMPANY HEREUNDER ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITH ALL DEFECTS. ALL EXPRESS, IMPLIED, AND STATUTORY CONDITIONS AND WARRANTIES (INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET POSSESSION, NON-INFRINGEMENT, OR QUALITY OF SERVICE) ARE HEREBY DISCLAIMED BY COMPANY AND ITS LICENSORS. COMPANY DOES NOT WARRANT THAT THE SOFTWARE WILL BE UNINTERRUPTED, SECURE, OR ERROR-FREE.

10. Limitation of Liability

IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES OR ANY LOSS OF PROFITS, BUSINESS, OPPORTUNITY, OR REVENUE ARISING OUT OF OR RELATING TO THIS AGREEMENT.

COMPANY'S ENTIRE, AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED THE AMOUNT OF PAYMENT RECEIVED BY COMPANY FROM CUSTOMER IN THE TWELVE (12) MONTHS PRECEDING THE APPLICABLE CLAIM.

11. Indemnification

11.1 Company Indemnity

In the event a third party makes or institutes any claim against Customer alleging that Customer's authorized access and use of the Software infringes such third party's copyright or patent (an "Infringement Claim"), Company shall:

• At its own expense, defend Customer against the Infringement Claim
• Indemnify and hold harmless Customer for any amount finally awarded against Customer

Company's combined aggregate liability under this Section 11.1 shall not exceed three (3) times the amounts actually paid by Customer to Company under this Agreement.

11.2 Customer Indemnity

Customer shall indemnify, defend, and hold harmless Company, its Affiliates, and their respective officers, directors, employees, and agents from and against any third-party claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to: (a) Customer's breach of Section 2.4 (Restrictions), including any FCRA-prohibited use or unauthorized third-party redistribution of Software output; (b) Customer Data that Customer has uploaded without the legal right to do so; (c) Customer's use of the Software in violation of applicable law; or (d) any claim that Customer's use of Software output caused damage or harm to any third party whose data is referenced therein.

12. Term and Termination

12.1 Term

This Agreement commences on the Effective Date and shall continue in full force and effect until all Order Forms have expired. Unless otherwise agreed, the Order Form shall automatically renew for successive periods, unless either Party notifies the other Party in writing of its intent not to renew, not less than sixty (60) days prior to the expiration of the then-current Subscription Term.

12.2 Termination for Breach

Each Party may terminate this Agreement immediately upon written notice if the other Party commits a material breach and fails to cure that breach within sixty (60) days after receipt of written notice (except that for payment defaults, such cure period will be seven (7) days; and Customer's breach of Section 2.4 FCRA or third-party-redistribution restrictions is a material breach that is non-curable at Company's sole discretion).

12.3 Effect of Termination

Upon termination: (a) the Subscription shall automatically terminate, (b) Customer shall cease all access and use of the Software, and (c) Customer shall permanently erase and/or return all Confidential Information of Company.

13. Miscellaneous

13.1 Governing Law and Venue

Contracting Entity: GreyIP Technologies Inc. d/b/a Beacon Technology Group

Address: 4900 S. University Drive, Suite 200B, Davie, FL 33328, United States

Governing Law: State of Florida, USA

Exclusive Jurisdiction: State and federal courts located in Broward County, Florida, USA

The laws of the State of Florida will govern this Agreement, without regard to conflict-of-laws principles. Any disputes shall be exclusively brought before and resolved by the courts located in Broward County, Florida. The United Nations Convention on Contracts for the International Sale of Goods is expressly excluded.

13.2 Jury Trial Waiver

EACH PARTY IRREVOCABLY WAIVES ITS RIGHT TO TRIAL OF ANY ISSUE BY JURY.

13.3 Assignment

This Agreement may not be assigned by either Party without prior written consent, except that either Party may assign this Agreement to an Affiliate or successor in connection with a merger, consolidation, or acquisition.

13.4 Export Compliance

Customer shall not transfer, export, re-export, import, or divert the Software to any embargoed country or to any entity on the U.S. Treasury Department's list of Specially Designated Nationals.

13.5 Entire Agreement

This Agreement (and its annexes) represents the entire agreement of the Parties with respect to the subject matter hereof and supersedes all prior and contemporaneous understandings and statements.

Schedule A: Software Services

CYFAX Threat Intelligence Platform

External attack surface management, dark web monitoring, credential exposure detection, threat actor attribution, and predictive risk scoring. Provides 6–21 weeks of early warning before credential-based attacks.

PREVENT Endpoint Security Platform

Unified security platform combining Breach & Attack Simulation (BAS), Network Detection & Response (NDR), and Asset Lifecycle Management (ALM). Validates security controls, detects threats in real time, and remediates automatically.

ARETE Predictive Analytics

AI-driven predictive analytics engine providing breach probability forecasting, threat actor behavioral analysis, and risk correlation across the Beacon ecosystem.

Questions About This Agreement?

If you have any questions about this End User License Agreement, please contact us: