Data Use Agreement

1.1 "Affiliate" means, with respect to a Party, any entity that directly or indirectly controls, is controlled by, or is under common control with such Party, where "control" means ownership of more than fifty percent (50%) of the voting securities or equivalent governance interest.

1.2 "Aggregated Image Data" means any compilation, dataset, database, or derivative work incorporating one or more Images or Derivative Works, whether in identifiable, anonymized, pseudonymized, or transformed form, together with any metadata, annotations, embeddings, feature vectors, confidence scores, or other technical representations derived therefrom.

1.3 "Applicable Law" means all applicable federal, state, local, and foreign statutes, regulations, rules, ordinances, orders, and binding guidance, as amended from time to time, including without limitation: (a) U.S. and foreign data protection and privacy laws (including the CCPA/CPRA, GDPR, LGPD, PIPEDA, and their implementing regulations); (b) consumer protection laws; (c) U.S. export control laws (including the EAR and ITAR); (d) economic sanctions laws and regulations administered by OFAC; (e) anti-bribery and anti-corruption laws (including the FCPA and UK Bribery Act); (f) biometric data laws (including BIPA and equivalent state statutes); (g) intellectual property laws; and (h) all sector-specific laws applicable to either Party's business.

1.4 "Biometric Data" means any biometric identifier or biometric information as defined under Applicable Law, including retina or iris scans, fingerprints, voiceprints, scans of hand or face geometry, or other biological characteristics that can be used to identify a person.

1.5 "Claim" means any action, suit, proceeding, investigation, demand, allegation, loss, liability, damage, cost, or expense, including reasonable attorneys' fees.

1.6 "Commercial Activities" means all commercial, operational, and business purposes, including without limitation: (a) training, validating, testing, fine-tuning, and operating artificial intelligence, machine learning, and computer vision systems; (b) developing, licensing, selling, and commercializing products, services, and technologies; (c) creating and licensing datasets and data products; (d) advertising, marketing, and promotional activities; (e) publishing research, white papers, and analyses; (f) creating and exploiting Derivative Works; and (g) any other revenue-generating activity.

1.7 "Confidential Information" has the meaning set forth in Article IX.

1.8 "Contributor Data" means the Images, Image Portfolio, and all associated metadata provided or made accessible by Contributor to Company under this Agreement.

1.9 "De-identified Data" means data derived from Images or Contributor Data from which all Personal Data and all information reasonably capable of identifying any natural person or Contributor has been removed or irreversibly transformed, such that re-identification is not reasonably practicable under Applicable Law.

1.10 "Derivative Work" means any work that is based upon, derived from, or incorporates any Image, including modifications, adaptations, annotations, labels, embeddings, encodings, and compilations.

1.11 "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, and where applicable, the UK GDPR as defined in the UK Data Protection Act 2018.

1.12 "Image(s)" means any photograph, digital image, illustration, graphic, visual media file, video, or other visual content provided by Contributor to Company under this Agreement, together with all associated embedded metadata (including EXIF data, geolocation data, timestamps, and device identifiers).

1.13 "Image Portfolio" has the meaning set forth in the Recitals.

1.14 "Intellectual Property Rights" means all patents (including patent applications and continuations), copyrights, moral rights, trademarks, trade dress, trade secrets, rights of publicity, rights of privacy, database rights, mask work rights, and all other intellectual property or proprietary rights recognized under Applicable Law, whether registered or unregistered.

1.15 "Personal Data" means any information that identifies or is reasonably capable of identifying a natural person, as defined under Applicable Law, including Special Categories of Personal Data.

1.16 "Processing" (and its cognates) has the meaning given under the GDPR and, where applicable, equivalent definitions under other data protection laws.

1.17 "Special Categories of Personal Data" means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, Biometric Data, data concerning health, data concerning sex life or sexual orientation, and any other categories of sensitive personal data defined under Applicable Law.

1.18 "Term" has the meaning set forth in Section 10.1.

2.1 Delivery. Contributor shall deliver or make accessible the Image Portfolio to Company in the format, frequency, and manner described in Exhibit B (Technical Specifications) attached hereto. Risk of loss or corruption of Images during transmission shall be borne by the transmitting Party. The Parties shall cooperate in good faith to establish and maintain secure transmission protocols.

2.2 Updates and Supplements. Unless otherwise agreed in writing, Contributor shall provide updates or supplements to the Image Portfolio as set forth in Exhibit B. Each supplement shall be subject to the representations, warranties, and license grants set forth in this Agreement as of the date of such supplement's delivery.

2.3 Audit of Delivery. Company shall have the right to audit the completeness and technical quality of Images delivered against any agreed specifications within thirty (30) days of receipt. Contributor shall promptly cure any material deficiency identified in such audit at no additional cost to Company.

3.1 License Grant. Subject to the terms and conditions of this Agreement, Contributor hereby grants to Company and its Affiliates a worldwide, irrevocable (subject to Section 10.4), perpetual, royalty-free (or, if applicable, subject to the fees set forth in Exhibit A), fully paid-up, non-exclusive right and license under all of Contributor's Intellectual Property Rights in and to the Images and Contributor Data to:

3.2 Exclusivity. The license granted in Section 3.1 is non-exclusive, and Contributor retains the right to license the Images to third parties, subject to the confidentiality obligations in Article IX.

3.3 Ownership of Aggregated Image Data and Derivatives. As between the Parties, Company shall own all right, title, and interest, including all Intellectual Property Rights, in and to: (a) all Aggregated Image Data; (b) all Derivative Works, models, algorithms, and datasets created by or on behalf of Company that incorporate or are derived from Images; and (c) all results, outputs, and products generated through use of the Images or Contributor Data. Nothing herein shall be construed as a transfer of Contributor's underlying ownership of the original Images.

3.4 Moral Rights. To the fullest extent permitted under Applicable Law, Contributor irrevocably waives, and shall procure the irrevocable waiver of, any and all moral rights, rights of attribution, rights of integrity, and analogous rights in the Images in favor of Company.

3.5 Feedback. If either Party provides feedback, suggestions, or improvement ideas to the other Party, the receiving Party shall own all Intellectual Property Rights in such feedback, and the providing Party hereby assigns all such rights to the receiving Party.

3.6 Reserved Rights. Except for the rights expressly granted in this Article III, no other rights are granted by either Party, whether by implication, estoppel, or otherwise.

4.1 Compensation. In consideration for the rights granted hereunder, Company shall pay Contributor the fees, royalties, or other compensation set forth in Exhibit A (Commercial Terms) in accordance with the payment terms specified therein.

4.2 Taxes. Each Party shall be responsible for all taxes, duties, levies, and similar charges imposed on its own income or business operations by any taxing authority. Where applicable law requires withholding, the withholding Party shall provide the other Party with appropriate tax certificates and shall cooperate to minimize withholding to the extent permitted by law.

4.3 Audit Rights. Each Party shall maintain complete and accurate records relating to its performance under this Agreement for a period of three (3) years following the relevant period. Each Party shall have the right, upon thirty (30) days' prior written notice and no more than once per calendar year, to audit or have audited by an independent certified public accountant the other Party's relevant records to verify compliance with the financial terms of this Agreement.

5.1 Mutual Representations and Warranties. Each Party represents and warrants to the other Party, as of the Effective Date and as of each date on which Images are delivered, that:

5.2 Contributor's Additional Representations and Warranties. Contributor additionally represents and warrants that:

5.3 Knowledge Qualifier. Where representations in this Article V are qualified by "to its knowledge," such qualifier refers to the actual knowledge of the senior officers of the representing Party, after reasonable inquiry.

6.1 Roles. With respect to Personal Data contained in the Images:

6.2 Data Processing Annex. The Parties shall execute the Data Processing Annex attached as Exhibit D, which addresses, at minimum: (a) categories of Personal Data and data subjects; (b) purposes and legal bases for Processing; (c) data retention and deletion obligations; (d) security measures; (e) sub-processing arrangements; (f) data subject rights procedures; (g) breach notification obligations; and (h) international data transfer mechanisms (including Standard Contractual Clauses or equivalent adequacy mechanisms where applicable).

6.3 Security. Each Party shall implement and maintain technical and organizational security measures appropriate to the risk of Processing, including measures addressing: (a) pseudonymization and encryption; (b) ongoing confidentiality, integrity, availability, and resilience of systems; (c) ability to restore data following incidents; and (d) regular testing and evaluation of security measures. The Parties shall align their security standards as set forth in Exhibit E (Security Standards).

6.4 Breach Notification. Each Party shall notify the other Party without undue delay, and in any event within forty-eight (48) hours of becoming aware, of any actual or reasonably suspected Personal Data breach affecting the other Party's data. Each Party shall cooperate fully with the other in investigating, mitigating, and remedying any breach, and in fulfilling any regulatory notification obligations.

6.5 Biometric Data Compliance. Where Images contain Biometric Data:

6.6 CCPA/CPRA Compliance. To the extent Contributor is a "business" and Company is a "service provider" or "contractor" under the CCPA/CPRA: (a) Company shall not sell or share Personal Data; (b) Company shall not retain, use, or disclose Personal Data for any purpose other than the business purposes specified in this Agreement; (c) Company shall not retain, use, or disclose Personal Data outside the direct business relationship between the Parties; and (d) Company certifies that it understands and will comply with the foregoing restrictions. Where Company is processing Personal Data for its own Commercial Activities, it acts as an independent "business" under the CCPA/CPRA, and the Parties shall reflect this in Exhibit D.

6.7 International Transfers. Any cross-border transfer of Personal Data shall be conducted in accordance with Applicable Law, including, where applicable: (a) the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914); (b) the UK International Data Transfer Agreement or Addendum; (c) any adequacy decisions; or (d) such other mechanisms as may be required or agreed by the Parties and set forth in Exhibit D.

6.8 Data Subject Rights. Each Party shall maintain procedures to respond to data subject rights requests (including rights of access, rectification, erasure, portability, and objection) in accordance with Applicable Law. The Parties shall cooperate to fulfill any such request within the timeframes required by Applicable Law.

6.9 De-identification. Company shall have the right to de-identify or anonymize any Personal Data in the Images prior to or in connection with aggregation and Commercial Activities. Once data is demonstrably De-identified in accordance with applicable standards (including the HIPAA Safe Harbor and Expert Determination standards, as applicable), it shall no longer be subject to the data protection provisions of this Agreement, and Company shall own all rights in such De-identified Data.

6.10 Retention and Deletion. Upon expiration or termination of this Agreement, each Party shall, at the other Party's election, return or securely destroy the other Party's Confidential Information and Personal Data, except to the extent retention is required by Applicable Law or necessary to maintain De-identified Data or Aggregated Image Data lawfully derived prior to termination. Any retained data shall remain subject to the confidentiality and data security obligations of this Agreement.

7.1 Mutual Indemnification. Each Party (the "Indemnifying Party") shall defend, indemnify, and hold harmless the other Party and its Affiliates, and their respective officers, directors, employees, agents, successors, and assigns (collectively, the "Indemnified Parties") from and against any and all Claims arising out of or relating to:

7.2 Contributor's Additional Indemnification. Contributor shall additionally defend, indemnify, and hold harmless the Company Indemnified Parties from and against any and all Claims arising out of or relating to:

7.3 Indemnification Procedure. The Indemnified Party shall: (a) promptly notify the Indemnifying Party in writing of any Claim; (b) grant the Indemnifying Party sole control of the defense and settlement of such Claim, provided that the Indemnifying Party may not settle any Claim that imposes liability, obligations, or restrictions on the Indemnified Party without the Indemnified Party's prior written consent; and (c) provide reasonable cooperation, at the Indemnifying Party's cost. Failure to provide timely notice shall not relieve the Indemnifying Party of its obligations except to the extent of actual prejudice. The Indemnified Party may participate in the defense at its own expense with counsel of its choosing.

8.1 Mutual Limitation. EXCEPT AS SET FORTH IN SECTION 8.2, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS OPPORTUNITY, REGARDLESS OF THE THEORY OF LIABILITY (TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE) AND REGARDLESS OF WHETHER SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8.2 Cap on Liability. EXCEPT AS SET FORTH IN SECTION 8.3, EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID OR PAYABLE BY COMPANY TO CONTRIBUTOR UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM; OR (B) [AMOUNT TO BE AGREED IN EXHIBIT A].

8.3 Exceptions. The limitations and exclusions in Sections 8.1 and 8.2 shall not apply to: (a) either Party's indemnification obligations under Article VII; (b) either Party's breach of its confidentiality obligations under Article IX; (c) either Party's breach of its data protection obligations under Article VI; (d) Claims arising from a Party's fraud, willful misconduct, or gross negligence; (e) Claims arising from either Party's violation of Applicable Law (including data protection laws and biometric privacy statutes); or (f) either Party's Intellectual Property infringement.

8.4 Acknowledgment. Each Party acknowledges that the limitations of liability in this Article VIII reflect a reasonable and negotiated allocation of risk between sophisticated commercial parties, and each Party has had the opportunity to consult with legal counsel prior to execution.

9.1 Definition. "Confidential Information" means any non-public information disclosed by one Party (the "Disclosing Party") to the other Party (the "Receiving Party") in connection with this Agreement that is designated as confidential, or that the Receiving Party knew or reasonably should have known was confidential given the circumstances of disclosure. Confidential Information includes, without limitation: business plans and strategies, financial data, technical specifications, pricing terms, customer data, Image Portfolio characteristics, and the terms of this Agreement.

9.2 Obligations. Each Receiving Party shall: (a) hold the Disclosing Party's Confidential Information in strict confidence using at least the same degree of care it uses to protect its own most sensitive confidential information (but no less than reasonable care); (b) not disclose Confidential Information to any third party without the Disclosing Party's prior written consent, except as permitted under Section 9.3; and (c) use Confidential Information solely for the purposes contemplated by this Agreement.

9.3 Permitted Disclosures. A Receiving Party may disclose Confidential Information: (a) to its employees, officers, Affiliates, advisors, and contractors who have a legitimate need to know and who are bound by written confidentiality obligations no less protective than those in this Article IX; and (b) as required by Applicable Law or legal process, provided that, to the extent legally permissible, the Receiving Party provides prompt prior written notice to the Disclosing Party and cooperates with the Disclosing Party in seeking a protective order or other appropriate relief.

9.4 Exclusions. Confidential Information does not include information that: (a) is or becomes publicly available without breach of this Agreement; (b) was rightfully known to the Receiving Party before disclosure; (c) is rightfully received from a third party without restriction; or (d) was independently developed by the Receiving Party without use of Confidential Information.

9.5 Return or Destruction. Upon the Disclosing Party's request or upon expiration or termination of this Agreement, the Receiving Party shall promptly return or securely destroy all Confidential Information, including copies, and shall certify such destruction in writing upon request.

9.6 Survival. Confidentiality obligations under this Article IX shall survive the expiration or termination of this Agreement for a period of five (5) years; provided, however, that obligations with respect to trade secrets shall survive indefinitely.

10.1 Term. This Agreement shall commence on the Effective Date and shall continue for an initial term of one (1) year (the "Initial Term"), unless earlier terminated in accordance with this Article X. Thereafter, this Agreement shall automatically renew for successive one-year periods (each a "Renewal Term" and, together with the Initial Term, the "Term") unless either Party provides written notice of non-renewal at least ninety (90) days prior to the end of the then-current term.

10.2 Termination for Cause. Either Party may terminate this Agreement, effective upon written notice, if the other Party: (a) materially breaches this Agreement and fails to cure such breach within thirty (30) days after receiving written notice thereof (or such shorter cure period as may be appropriate in the case of a data breach or regulatory violation); (b) becomes insolvent, makes a general assignment for the benefit of creditors, files a voluntary petition in bankruptcy, or has an involuntary petition in bankruptcy filed against it that is not dismissed within sixty (60) days; or (c) ceases to conduct business in the ordinary course.

10.3 Termination for Regulatory Cause. Either Party may immediately terminate this Agreement by written notice if: (a) a governmental authority issues a binding order requiring cessation of activities under this Agreement; (b) continued performance would, in the reasonable opinion of outside legal counsel, violate Applicable Law; or (c) either Party becomes the subject of an enforcement action by a data protection authority or other regulatory body relating to the Images or the activities contemplated herein.

10.4 Effect of Termination.

10.5 Surviving Provisions. The following Articles and Sections shall survive any expiration or termination of this Agreement: Articles I, IV (accrued obligations), VII, VIII, IX; and Sections 3.3, 3.4, 5.3, 6.9, 6.10, 10.4, 10.5, and Articles XI through XIV.

11.1 Compliance Program. Each Party shall maintain a compliance program reasonably designed to ensure compliance with all Applicable Laws relevant to its performance under this Agreement, including data protection, anti-bribery and anti-corruption, export controls, and sanctions.

11.2 Anti-Bribery and Anti-Corruption. Each Party represents and warrants that it has not made, offered, promised, or authorized, and shall not make, offer, promise, or authorize, any payment or transfer of anything of value to any government official, political party, or other person for the purpose of improperly influencing any official act or obtaining any improper advantage in connection with this Agreement, in violation of the U.S. Foreign Corrupt Practices Act, the UK Bribery Act 2010, or any equivalent Applicable Law.

11.3 Export Controls and Sanctions. Each Party shall comply with all applicable U.S. and foreign export control laws and regulations (including the EAR and ITAR) and economic sanctions programs (including those administered by OFAC). Neither Party shall transfer any Images, Aggregated Image Data, or related technology to any country, entity, or individual subject to U.S. export restrictions or sanctions without first obtaining all required government authorizations.

11.4 Regulatory Cooperation. The Parties shall cooperate in good faith with each other and with any regulatory authority in connection with any inquiry, investigation, or audit relating to the Images or the activities contemplated by this Agreement. Each Party shall promptly notify the other of any regulatory inquiry or investigation relating to such activities.

11.5 Most-Favored Compliance. Each Party shall maintain data protection and privacy practices with respect to the other Party's data that are no less protective than those it applies to its own most sensitive customer data.

12.1 Documentation. Contributor shall maintain complete, accurate, and accessible records documenting: (a) the chain of title and all rights acquired in the Image Portfolio; (b) all End-User Consents; (c) all privacy notices provided in connection with image collection; and (d) any third-party licenses or restrictions affecting any Images. Contributor shall make such records available to Company for inspection within ten (10) business days of request.

12.2 Notification of Defects. If Contributor discovers or has reason to believe that any Image in the Portfolio is subject to a third-party claim, consent withdrawal, regulatory restriction, or other defect that would impair Company's rights, Contributor shall notify Company in writing within five (5) business days.

12.3 Withdrawal of Defective Images. Upon notification under Section 12.2, the Parties shall promptly confer and agree upon a remediation plan, which may include removal of affected Images from the Portfolio at Contributor's cost. Removal of Images shall not affect Company's rights in Aggregated Image Data or De-identified Data created prior to removal.

13.1 Escalation. Prior to initiating arbitration, the Parties shall attempt to resolve any dispute through escalation to senior management (VP level or above) of each Party. Such escalation shall be initiated by written notice and the designated senior representatives shall meet within fifteen (15) business days to attempt resolution in good faith. If the dispute is not resolved within thirty (30) days after such meeting, either Party may initiate arbitration in accordance with Section 13.2.

13.2 Binding Arbitration. Any dispute, claim, or controversy arising out of or relating to this Agreement, or the breach, termination, enforcement, interpretation, or validity thereof (including the arbitrability of any dispute), shall be finally resolved by binding arbitration administered by JAMS pursuant to its then-current Comprehensive Arbitration Rules and Procedures, or, for international disputes, its International Arbitration Rules. The arbitration shall be conducted by a panel of three (3) arbitrators, each with demonstrated expertise in commercial contracts and intellectual property or technology law. The seat of arbitration shall be Seattle, Washington. The language of arbitration shall be English.

13.3 Confidentiality of Proceedings. The arbitration proceedings and all related submissions, evidence, and awards shall be treated as Confidential Information of both Parties.

13.4 Interim Relief. Notwithstanding Section 13.2, either Party may seek emergency or provisional injunctive or equitable relief from a court of competent jurisdiction to prevent irreparable harm, without waiving the right to arbitration.

13.5 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Washington, without regard to its conflict-of-law principles, except that any data protection matters shall also be governed by Applicable Law.

13.6 No Class Actions. The Parties agree that all disputes shall be resolved in their individual capacities, and neither Party shall bring or participate in any class action or representative proceeding in connection with this Agreement.

14.1 Entire Agreement. This Agreement, together with all Exhibits and any addenda executed by the Parties, constitutes the entire agreement between the Parties with respect to its subject matter and supersedes all prior and contemporaneous agreements, understandings, negotiations, and representations, whether written or oral. No Party has relied on any representation not expressly set forth in this Agreement.

14.2 Amendments. This Agreement may not be amended except by a written instrument signed by authorized representatives of both Parties.

14.3 Waiver. No failure or delay by either Party in exercising any right or remedy shall operate as a waiver thereof. No waiver shall be effective unless in writing and signed by an authorized representative of the waiving Party.

14.4 Assignment. Neither Party may assign or transfer this Agreement or any rights or obligations hereunder without the prior written consent of the other Party (not to be unreasonably withheld, conditioned, or delayed), except that: (a) either Party may assign this Agreement without consent to an Affiliate, or in connection with a merger, acquisition, or sale of all or substantially all of the assets of such Party (provided the assignee assumes all obligations hereunder), upon written notice to the other Party; and (b) Company may assign its rights in Aggregated Image Data and De-identified Data without restriction.

14.5 Severability. If any provision of this Agreement is held invalid, illegal, or unenforceable, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, and the remaining provisions shall continue in full force and effect.

14.6 Notices. All notices required or permitted under this Agreement shall be in writing and delivered: (a) by hand or overnight courier; (b) by certified mail, return receipt requested; or (c) by email with written confirmation of receipt, in each case to the addresses set forth in the signature block below or as updated by written notice.

14.7 Force Majeure. Neither Party shall be liable for delays or failures in performance caused by events beyond its reasonable control (including acts of God, war, terrorism, pandemics, or government orders), provided the affected Party promptly notifies the other Party and uses commercially reasonable efforts to resume performance.

14.8 Relationship of the Parties. The Parties are independent contractors. Nothing in this Agreement shall be construed to create a partnership, joint venture, agency, employment, or fiduciary relationship between the Parties.

14.9 Counterparts; Electronic Signatures. This Agreement may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same agreement. Electronic signatures shall be deemed valid and binding to the same extent as original signatures, in accordance with the E-SIGN Act and applicable state law.

14.10 Construction. This Agreement has been negotiated by sophisticated parties with the assistance of legal counsel. No provision shall be construed against either Party as the drafter. Headings are for convenience only and shall not affect interpretation.

14.11 Further Assurances. Each Party shall execute and deliver such additional documents and instruments and take such further actions as may be reasonably necessary to carry out the purposes and intent of this Agreement.