USER AGREEMENT FOR PLATFORM CLIENTS (B2B)

Version v.1.0 dated 13.10.2025

1.General Provisions
2.Terms and Definitions
3.Subject Matter and Scope of Services
4.Procedure for Concluding (Accepting) the Agreement
5.Account and Access
6.Terms of Use for Trial Services and Beta Versions
7.Tariffs and Subscription
8.Prices, Settlements, and Taxes
9.Acceptable Use
10.Data and Results
11.Confidential Information and Personal Data
12.Security and Incidents
13.SLA and Support
14.Integrations and Third-Party Services
15.Intellectual Property
16.Warranties and Disclaimers
17.Liability and Its Limitations
18.Indemnification
19.Suspension and Termination
20.Governing Law, Jurisdiction, and Disputes
21.Sanctions, Export Control, and Anti-Corruption
22.Publicity and Use of Marks
23.Notifications
24.Assignment of Rights and Subcontracting
25.Force Majeure
26.Changes to the Agreement
27.Priority of Documents
28.Final Provisions

1. General Provisions

1.1.

This User Agreement (hereinafter the 'Agreement' or 'UA') governs the procedure for providing access to and use of the gro.now Platform under a Software as a Service (SaaS) model. The Platform includes functional modules, including Research Modules, which allow the Client to independently conduct Research using analytical tools and Electronic Surveying.

1.2. - 1.8.

1.2. Provider – Pwron LLP, BIN 241040012133, address: Republic of Kazakhstan, Almaty, Bostandyk district, Satpayev str., 90/54, apt. 5, postal code 050000; e-mail: t@gro.now; website: https://gro.now/.
Client - a legal entity or individual entrepreneur who has acceded to the Agreement in the manner set forth in Section 4 and acts through its authorized representatives – users.

1.3. Territory and International Nature. The gro.now Services are available to Clients from the Republic of Kazakhstan and other states, while the law of the Republic of Kazakhstan shall apply to the Agreement (see Section 19). Restrictions related to sanctions and export control may apply (see Section 20).

1.4. Publicity and Form. The Agreement is posted on the Internet at: https://app.gro.now/legal. The Client's accession is carried out without signing a single document by the parties in paper form and does not require seals, unless otherwise expressly agreed in writing.

1.5. Related Documents. An integral part of the Agreement are the documents posted on the Website, available at the following addresses (in their current version):

The order of priority of documents is established in Section 27.

1.6. Language Versions. The Agreement may be published in Russian, Kazakh, and English. In case of discrepancies, the Russian version shall prevail.

1.7. Provider's Contacts. For claims and contractual correspondence, use the addresses specified in clause 1.2. The Provider has the right to update contact details by publishing an update on the website.

1.8. Client's Account. Access to the Platform is provided through the Client's user accounts, managed by the Client's administrator (see Section 5). Upon registration/SSO, the Client confirms that it has read this Agreement and the related documents.

2. Terms and Definitions

2.1. - 2.31.

2.1. Platform — the gro.now hardware and software complex, including web interfaces, mobile applications (app), backend services, AI-based analytics modules, data connectors, SDKs, and (if available) APIs, as well as related documentation.
2.2. Services – the Provider's services for providing access to the Platform on a SaaS model, ensuring its functionality and infrastructure support within the SLA, as well as configuration works to set up the Platform's functionality (including Research Modules), if such works are provided for by the Tariff or agreed upon separately.
2.3. SaaS (Software as a Service) — is a cloud-based model for providing software, in which the Provider develops cloud software, provides its maintenance, automatic updates, and availability, and provides such software to customers via the Internet for a fee proportional to the volume of use. The Provider manages all hardware, standard software, including middleware, software applications, and security.
2.4. Client, Client's User – respectively: the organization/individual entrepreneur that has acceded to the Agreement; employees, contractors, and other authorized persons acting on behalf of the Client and using the Platform based on the rights granted by the Client.
2.5. Client's Administrator – a Client's User vested with rights to manage access and Client settings on the Platform (creating/deleting users, assigning roles, selecting a tariff plan, etc.).
2.6. Account - a set of records and settings that provide access for the Client's Users to the Platform, including identifiers, roles, tokens, and authentication methods (including SSO).
2.7. Research – a set of analytical activities carried out by the Client using the Platform's functionality and analytical tools based on data obtained from open sources, including, but not limited to, social media analysis, reviews, macroeconomic indicators, as well as conducting Electronic Surveying.
2.8. Research Modules – pre-configured software solutions within the Platform's functionality that allow for the automated collection and analysis of information from open sources for conducting Research. The Provider ensures their functionality and, if necessary, carries out their configuration/inclusion to the extent provided for by the Agreement.
2.9. Electronic Surveying – the collection and processing of data through online surveys and interviews conducted in an automated mode using the Platform.
2.10. Research Results – aggregated data and analytical indicators processed using the Platform's tools and/or artificial intelligence and displayed through the Platform's interface.
2.11. Client Data – any data, materials, and other information (including personal data) uploaded, provided, or otherwise transmitted by the Client to the Platform, as well as data obtained from sources/integrations connected by the Client (e.g., Google SSO, Calendly, others).
2.12. Results – any reports, visualizations, exported arrays, and other output materials generated by the Platform from Client Data and/or during the use of its functionality (including Research Results), excluding materials for which the rights belong to the Provider under Section 14.
2.13. Subscription – a paid right of access to the Platform for a selected period (month/year or other) within the selected Tariff, with included limits/functionality and an active SLA.
2.14. Tariff (Plan) – a package of functionality, limits, and conditions for the provision of Services published at https://gro.now/#pricing, indicating the price, period, and restrictions.
2.15. Invoice - a document/invoice from the Provider, sent to the Client, containing a link to the current version of the Agreement and the parameters of the Subscription/services (Tariff, number of seats/limits, period, price, currency, taxes, start date).
2.16. Supplementary Agreement / Order – a document signed by the Parties that explicitly provides for the Provider's special obligations to perform tasks beyond the scope of the Services (e.g., development/configuration of an additional Research Module), including the scope, deadlines, and cost of such services.
2.17. Effective Date – the date of the Client's acceptance of the Agreement by: (i) signing a separate contract/order with a reference to the Agreement; or (ii) paying an Invoice for a Subscription (see Section 4).
2.18. Website – the public pages https://gro.now/ and https://app.gro.now/.
2.19. Personal Data (PD) – information relating to an identified or identifiable natural person, processed in the provision of the Services and/or Research services, including as part of Client Data or respondent data.
2.20. DPA – the Data Processing Agreement, located at https://app.gro.now/legal/dpa, which governs the roles of the Parties (Client – operator/controller, Provider – processor, if applicable), security measures, and the procedure for interaction.
2.21. SLA – the Service Level Agreement, located at https://app.gro.now/legal/sla, which establishes target indicators for availability/response and service credits.
2.22. AUP – the Acceptable Use Policy, located at https://app.gro.now/legal/acceptable-use-policy, which defines prohibitions and restrictions when using the Platform.
2.23. Third-Party Services (Integrations) – external services and providers not controlled by the Provider (e.g., authentication/SSO providers, scheduling tools, payment organizations), interaction with which may be carried out at the Client's choice.
2.24. Sub-processors – persons engaged by the Provider to process data and/or provide part of the Services (list at https://gro.now/legal/subprocessors).
2.25. Security Incident – a confirmed breach of information security that has resulted in the unauthorized access, loss, alteration, disclosure, or destruction of Client Data or personal data.
2.26. Trial Features – mean any free access to the Platform: a trial version, a pilot/proof of concept, a beta version, a demo environment, or other Services provided without payment, as specified by the Provider in the interface, order/invitation, or otherwise communicated to the Client.
2.27. API – the Platform's application programming interface (if provided), which allows the Client to integrate external systems and automate calls to functionality, available under separate terms for the API (https://app.gro.now/legal/api-terms, if any).
2.28. Business Day – a calendar day, excluding weekends and official public holidays under the law of the Provider's place of registration, unless otherwise specified in the SLA/Support Policy.
2.29. Fee/Payment – the amount payable by the Client for the Subscription and/or other services under the Agreement, including taxes and fees, if applicable.
2.30. Taxes – VAT and other indirect/direct taxes, fees, and withholdings applicable to the Client's payments to the Provider.
2.31. Notification – a message sent in the manner set forth in Section 23 (including e-mail, notifications in the Platform's interface/personal account, and publications on the Website, where permitted by the Agreement).

3. Subject Matter and Scope of Services

3.1. - 3.14.

3.1. Provision of Access to the Platform (SaaS). The Provider grants the Client paid access to the gro.now Platform to the extent of the selected Tariff, and also ensures its functionality and scalability within the SLA. Access is provided to the Client's Users through the Client's Account and is managed by the Client's Administrator (Section 5).
3.2. Platform Functionality. The Platform consists of interconnected modules, the availability and scope of which are determined by the selected Tariff and current limits (see https://gro.now/#pricing). The functionality may include, among other things:
3.2.1. Reputation Module. Consolidation and analysis of user reviews/ratings from supported sources with the presentation of aggregated Results, for example: a) summary monthly and regional performance reports; b) AI analysis of strengths/weaknesses, dynamics of service quality indicators (including NPS); c) trend tracking and notifications of significant deviations according to set rules.
3.2.2. Competitors Module. A comparable overview of market players based on available metrics, for example: a) comparative dashboards and performance reports for selected competitors/categories; b) identification of best practices and areas of underperformance, tracking of market leaders; c) benchmarks for planning and monitoring changes.
3.2.3. Research Module. Tools for the Client to independently conduct Research and Electronic Surveying, for example: a) a survey builder with customizable question types, multilingual support; b) support for CSI, NPS, ENPS, and other satisfaction/engagement metrics; c) gamified formats (including swipes/stories/quizzes) and a 'voice-to-text' option; d) collection, processing, and visualization of research Results in the Platform's interface.
3.2.4. Engagement Module (Referral Programs). Tools for identifying promoters and launching referral activities, for example: a) automatic identification of promoters based on survey responses/metrics; b) invitation to a referral program, generation of personalized promo codes, and sharing tools; c) tracking of referrals/activities and basic analytics in a single dashboard.
3.2.5. General Tools. Integrations with supported data sources, export of Results, administration of users and roles, management of notifications, and, if available, access to API/SDK (under the terms of /legal/api-terms).
Notes: (i) the list of sources, metrics, and formats may change without degrading the base volume of the Tariff; (ii) individual functions may be provided as Trial Features 'as is' (see para. 3.11).
3.3. What is NOT included in the Services. Under no circumstances do the Services under this Agreement include (and are not provided by the Provider within its framework): 3.3.1. professional, scientific, and technical services, including engineering services; 3.3.2. services in the field of advertising and market research (in the sense of services provided by the Provider as a contractor); 3.3.3. information services provided as a separate type of service (preparation of reports/summaries by the Provider, editorial/analytical processing of data, etc.).
3.4. Additional Services. Additional works/services not included in the scope of the Services may be performed under a separate Supplementary Agreement/Order, including: 3.4.1. development/customization of Research Modules for the Client's tasks; 3.4.2. refinement of the Platform's functionality for specific requirements (feature customizations); 3.4.3. setup and/or advanced configuration of the API; 3.4.4. integration of the Platform with the Client's systems and implementation of the Platform into the Client's infrastructure. The scope, deadlines, cost, and acceptance criteria for such additional services are determined only in the relevant Supplementary Agreement/Order.
3.5. Client's Responsibility when Using the Services. 3.5.1. The Client independently plans and conducts Research, formulates hypotheses, designs and scenarios for surveys, determines target audiences and data sources, ensures the legality of their acquisition and processing, and obtains all necessary consents/notifications from data subjects (if applicable). 3.5.2. The Client is responsible for ensuring that the content of Research, scripts, surveys, triggers, and collected data comply with the requirements of applicable law, the AUP, and the DPA. 3.5.3. The Provider does not control and is not obliged to control the content of the Research and is not responsible for the correctness of the Client's methodology, interpretations, and conclusions.
3.6. Restrictions and Acceptable Use. The use of the Platform, including Research Modules and Electronic Surveying, is subject to the AUP (/legal/aup). The Provider has the right to suspend or restrict access in case of a violation of the AUP, security requirements, or the law (Section 19).
3.7. Tariffs, Limits, and Quotas. The specific scope of functionality, limits (including the number of users, projects, storage/request volume, API calls, data collection/processing speed) are determined by the selected Tariff and are published in the Tariff Description (https://gro.now/#pricing). Exceeding the limits is permitted only by upgrading the Tariff or by separate agreement.
3.8. Support and SLA. The support procedure, incident categories, target response/recovery times, and service credits are defined in the SLA (https://app.gro.now/legal/sla). Service credits are the sole remedy for SLA violations, unless otherwise expressly agreed.
3.9. Third-Party Services and Integrations. The Platform may interact with external services (e.g., Google SSO, meeting schedulers, payment providers, etc.). Such services are not controlled by the Provider and are provided under the terms of the respective third parties. The Provider is not responsible for their availability, changes, or the results of their use. By connecting integrations, the Client confirms that it has the right to transfer data to such services and to process it.
3.10. Data from Open Sources. When using Research Modules for the automated collection and analysis of information from open sources, the Client guarantees compliance with the rules of the respective platforms, copyright and related rights, as well as the restrictions of robots.txt/terms-of-use, and confirms that the purposes of processing are lawful.
3.11. Service Evolution and Trial Features. The Provider has the right to develop, change, and improve the Platform (including replacing or removing non-essential functions) without degrading the basic volume provided for by the Tariff. Access to Trial Features may be provided 'as is', without guarantees of availability and support; such functions may be changed or discontinued without compensation.
3.12. Results and Export. The Platform generates Results (including Research Results) in accordance with the selected Tariff and current limits. The Client has the right to export the Results within the functionality of the Platform. Additional formats/custom exports are provided only if available or by separate agreement.
3.13. Geography and Compliance Restrictions. The provision of access may be restricted for certain jurisdictions and categories of Users for reasons of sanctions or export control. The Provider has the right to refuse or suspend access if the service violates applicable regimes (Section 21).
3.14. Priority of Documents. With regard to the scope of provided functions, limits, and metrics, the following apply: the Tariff Description, SLA, AUP, and other documents specified in para. 1.5. In case of a conflict, the order of priority established in Section 27 shall apply.

4. Procedure for Concluding (Accepting) the Agreement

4.1. Offer. The text of the Agreement posted on the Website is a public offer from the Provider to provide access to the Platform on the terms specified in the Agreement and related documents (para. 1.5).

4.2. Methods of Accession (Acceptance):
4.2.1. By signing a separate contract/order between the Provider and the Client, containing a reference to the current online version of the Agreement at the time of signing.
4.2.2. By paying an invoice for a Subscription issued by the Provider. Payment of such an invoice means the Client's unconditional accession to the Agreement in the version in effect at the time of payment (unless a different 'version/hash' is specified in the invoice/order).

4.3. Moment of Conclusion and Effective Date.
4.3.1. When signing a separate contract/order - from the date of signing by the last Party of the relevant contract/order (or another date expressly specified therein).
4.3.2. When paying an invoice – from the moment the payment is received by the Provider (or from the start date of the Subscription specified in the invoice/order, if such date is later).

4.4. Online Version and Archive. The current version of the Agreement is available at https://app.gro.now/legal; an archive of previous versions is available at https://gro.now/legal/archive with the date and version identifier (hash). Upon acceptance under para. 4.2, the Parties are deemed to have agreed to the version specified in the contract/order/invoice or in effect at the time of payment, unless otherwise recorded.

4.5. Supplementary Agreements and Orders for Additional Services.
4.5.1. The Parties may execute Supplementary Agreements and/or Orders (SOW/Work Order) for the provision of Additional Services.
4.5.2. Such a Supplementary Agreement/Order must contain a description of the work, deadlines, cost/payment procedure, acceptance criteria, and a reference to the current version of this Agreement on the date of signing.
4.5.3. Unless expressly stated otherwise, performance under a Supplementary Agreement/Order does not change the parameters of the Subscription and is not considered a change to this Agreement.

4.6. Amendment of Individual Terms in Contractual Documents.
4.6.1. Individual terms of this Agreement may be amended or detailed in a Contract/Supplementary Agreement/Order signed by the parties.
4.6.2. In case of a conflict between this Agreement and the terms of the relevant Contract/Supplementary Agreement/Order, the terms of the signed Contract/Supplementary Agreement/Order shall prevail, but only with respect to the part expressly regulated by it.
4.6.3. The priority specified in para. 4.6.2 applies locally to the relevant project/services formalized by this Contract/Supplementary Agreement/Order, and does not change the effect of this Agreement in other respects.
4.6.4. If a contractual document does not regulate a specific issue, the provisions of this Agreement and related documents (SLA, AUP, Tariff Description, etc.) shall apply.

4.7. Powers and Actions of Representatives. The Client warrants that the person who signed the order/contract, or initiated the payment of the invoice/creation of the Account/appointment of the Administrator, is acting with proper authority. The actions of the Client's Administrator (selecting a Tariff, inviting users, agreeing to updated limits, etc.) are considered the actions of the Client.

4.8. Electronic Forms and Signing. The Parties recognize the legal force of electronic documents, electronic signatures (including simple ones), and scanned copies/PDFs, as well as acceptance by performing conclusive actions (paying an invoice), on par with paper equivalents, unless otherwise expressly prohibited by applicable law.

4.9. Confirmation of Acceptance and Logging. The Provider may keep logs (log records) of payment facts, Account creation/modification, Administrator appointment, and other Client actions, which serve as proof of acceptance and Subscription parameters.

4.10. Related Documents and Changes. The Agreement applies in conjunction with the SLA, AUP, Tariff Description, etc. (para. 1.5). The procedure for amending the Agreement is in Section 26; the priority of documents is in Section 27.

5. Account and Access

5.1. - 5.16.

5.1. Account Creation and Roles. Access to the Platform is provided within the Client's Account. The Client appoints at least one Client Administrator who manages users, roles, settings, and integrations. The Administrator's actions are considered the Client's actions (see para. 4.7).

5.2. Client's Users. Access is granted to natural persons — employees and/or engaged contractors of the Client, acting under the Client's control. The Client ensures that such persons comply with the Agreement, the AUP, and applicable law.

5.3. Named Access and Prohibition of Sharing. Each user account is tied to one specific user and cannot be transferred/used jointly. Group/shared accounts are not permitted, except for service accounts for integrations, if expressly permitted by the Provider.

5.4. Seats/Licenses and Limits. The number of active users/seats, as well as other limits, are determined by the selected Tariff and Subscription parameters. Exceeding the limits is possible only through an upgrade or separate agreement (see para. 3.7).

5.5. Authentication and Security. The Client ensures compliance with information security requirements, including:
5.5.1. using strong passwords and, where available, multi-factor authentication (recommended as mandatory for Administrators);
5.5.2. keeping user data up-to-date, timely deactivating dismissed/unauthorized persons;
5.5.3. protecting the devices and networks from which access is made;
5.5.4. keeping keys/tokens/passwords secret and immediately notifying of their compromise.

5.6. SSO and Authentication Integrations. When using SSO (e.g., Google), the Client is responsible for the correct configuration of its provider, the password/MFA policy on the provider's side, user lifecycle management, and timely revocation of rights.

5.7. API Access. If API access is provided, tokens/keys are confidential and are not to be transferred to third parties, except for contractors under the Client's control. The Client is obliged to comply with technical restrictions (rate limits, request sizes, etc.) and other terms of /legal/api-terms.

5.8. Administration and the Principle of Least Privilege. The Client is obliged to assign roles based on the 'least privilege' principle, regularly review rights, and keep a record of service and integration accounts.

5.9. Responsibility for Content and Actions. The Client is responsible for all actions in the Account, including the uploading of Client Data, the launching of Research, the creation of surveys, and work with Research Modules, as well as for compliance with third-party rights and the requirements of the AUP/DPA.

5.10. Suspicion of Compromise. Upon suspicion of unauthorized access, the Client is obliged to immediately: (i) change passwords/revoke tokens; (ii) deactivate compromised accounts; (iii) notify the Provider. The Provider has the right to temporarily suspend access until the risks are eliminated (see Section 19).

5.11. Logs and Audit. The Platform may keep technical logs (authentication, parameter changes, security events) for the purposes of ensuring security and support. The procedure for storing and accessing logs is determined by the Tariff and SLA.

5.12. Access Restriction and Blocking. The Provider has the right to restrict or block access for individual users/integrations in case of (i) a violation of the AUP or the law; (ii) a security threat; (iii) overdue payment (see Sections 8 and 19). Justified restrictions are not considered a breach of the Provider's obligations.

5.13. Deactivation and Deletion. The Client's Administrator independently manages the user lifecycle (activation/deactivation). The deletion of data and export upon termination are governed by Section 19 and the current settings of the Platform.

5.14. Access for the Client's Contractors. The Client has the right to grant access to its contractors solely for the purpose of providing services to the Client and under its control and responsibility. Any 'outsourcing' use of the Platform in the interests of third parties (not the Client) is prohibited without the separate consent of the Provider.

5.15. Trial Features. When using trial, test environments, and beta features, the Client should not upload sensitive personal data, unless otherwise expressly permitted by the Provider. Trial Features are provided 'as is' (see Section 6).

5.16. Compliance with AUP. Any use of the Account and access to the Platform are subject to the Acceptable Use Policy (AUP) /legal/aup. The Provider may require the Client to implement reasonable measures (multi-factor authentication, key rotation, password policy) to reduce risks.

6. Terms of Use for Trial Services and Beta Versions

6.1. - 6.6.

6.1. Trial Period. Trial Features are available until the earlier of: (i) the end of the period announced by the Provider for trial/pilot/beta access; (ii) the start date of any paid Subscription for the same (or equivalent) services; (iii) the Provider sending a written notice of termination of trial access.

6.2. Scope of Use. For the period of the Trial Features, the Provider grants the Client a non-exclusive, non-transferable right of access and use solely for internal evaluation and testing, in accordance with this Agreement, the AUP, and applicable documentation. Production/critically important use is not recommended and is carried out at the Client's risk.

6.3. Data and Risk of Loss.
6.3.1. Any data and settings entered by the Client within the Trial Features may be irretrievably lost at the end of the period, unless: a) the Client subscribes to a paid Subscription for the same Services; or b) before the end of the period, the Client performs an export using the available Platform tools (to the extent provided by the functionality).
6.3.2. The Client undertakes not to upload sensitive categories of data (including special categories of personal data) to Trial/beta environments, unless this is expressly permitted by the Provider and formalized in the DPA.

6.4. Functionality and Changes.
6.4.1. The Provider does not guarantee that the features available in Trial/beta versions will be available, unchanged, or equivalent in the publicly available version. The Client must separately evaluate the functionality of the purchased Services.
6.4.2. Beta features may be changed or disabled at any time without compensation (see also para. 3.11 of the Agreement).

6.5. Warranties, Support, and SLA.
6.5.1. Trial Features are provided 'as is' and 'as available' without any express or implied warranties, including merchantability, fitness for a particular purpose, non-infringement, and accuracy of results (see Section 16).
6.5.2. The Provider is not obliged to provide support for Trial/beta versions; the SLA and service credits do not apply to them.

6.6. Liability, Indemnification, and Disclaimer.
6.6.1. To the maximum extent permitted by law, the Provider's liability for Trial Services is excluded; the Client's sole remedy in case of dissatisfaction is to cease using the Trial Services (see also the limits in Section 16).
6.6.2. The Provider is not obliged to indemnify for claims related to the use of Trial/beta versions, except in cases expressly provided for by mandatory provisions of law.

6.7. - 6.8.

6.7. Termination of Trial Access.
6.7.1. The Provider has the right to terminate the Trial Services at any time by notifying the Client; in this case, access may be restricted immediately if required for security or legal reasons.
6.7.2. Upon termination of the Trial Services, the rules of para. 6.3 (data and export) shall apply.

6.8. Miscellaneous.
6.8.1. The AUP and other applicable provisions of the Agreement (including Sections 10, 11, 12, 14, 21) apply to Trial/beta versions. With regard to the processing of personal data, the DPA and the Personal Data Processing Policy shall apply.
6.8.2. Any commercial terms (prices, limits, support) are valid only for a paid Subscription and are not implied for Trial/beta versions.

7. Tariffs and Subscription

7.1. - 7.9.

7.1. Plans and Scope of Access. Access to the Platform is provided on a subscription basis within the selected plan (tariff), the parameters of which (functions, limits, user types, API/storage quotas, etc.) are published on the Tariff Description page (https://gro.now/#pricing) and are considered included in the Agreement.
7.2. Subscription Term. The Subscription is issued for a fixed term (e.g., monthly or monthly within an annual commitment, or monthly/annually – depending on the selected model), specified in the order/invoice. Unless otherwise specified, the term is automatically renewed for a similar period (auto-renewal) until the Subscription is terminated in accordance with Section 19 and para. 7.9.
7.3. Number of Seats and Limits. The number of active users/seats, as well as other limits, are determined by the selected plan and/or order. Actual usage is measured by the Platform's tools and logs. Exceeding the limits is prohibited, except in cases where an auto-upgrade or additional purchase of quotas is provided for (if available).
7.4. Plan Change (Upgrade/Downgrade).
7.4.1. An upgrade (to a higher plan/increase in seats/quotas) takes effect immediately or from the specified date; the remaining cost of the current period may be taken into account pro-rata (co-term) or through an additional invoice – as specified in the Billing Policy (legal/billing).
7.4.2. A downgrade (to a lower plan/reduction in seats/quotas) applies from the beginning of the next Subscription term, unless otherwise agreed. The Client is obliged to bring the usage into compliance with the new limits in advance.
7.5. Additional Options. Individual functions/quotas may be provided as add-ons, the terms of which are published at https://gro.now/#pricing or are specified in the order/supplementary agreement. The term of the add-on follows the term of the Subscription or is fixed separately – according to the text of the order.
7.6. Trial Periods/Pilots. If trial access is provided, it is subject to the restrictions specified in the interface/order, as well as the provisions on Trial Features (para. 3.11). At the end of the trial period, access is terminated or converted into a paid Subscription upon the Client's express consent.
7.7. Changes to Plan Parameters. The Provider has the right to update plans (functions/limits), provided that a significant degradation of the base volume for an existing paid Subscription is not permitted until the end of its current term, unless otherwise agreed. Updates are published at https://gro.now/#pricing.
7.8. Usage Accounting.
7.8.1. The Platform keeps a record of events, requests, storage volumes, and other metrics to calculate compliance with limits/quotas. Such data may be used for billing, reporting, and applying measures under the AUP/SLA.
7.8.2. Acceptance acts are not issued. Within the framework of this Agreement, acts of services rendered are not drawn up or signed. The accounting data of the Platform serves as confirmation of the volume and fact of the Service provided.
7.8.3. Platform Reports. Usage reports are generated by the Platform's tools and are available in the personal account/can be downloaded in supported formats. Such reports and system logs are proper proof of the calculated metrics, unless the Client proves otherwise in writing in the manner set forth in para. 8.3.
7.9. Cancellation of Auto-Renewal and Termination. The Client may disable auto-renewal before the renewal date, observing the notification periods specified at /legal/billing (if no period is specified – at least 30 calendar days). Termination of the Subscription entails the consequences and the procedure for exporting/deleting data in accordance with Section 19.

8. Prices, Settlements, and Taxes

8.1. Fee and Currency. The cost of the Subscription, add-ons, overage use, and other paid options (collectively, the 'Fee') is specified in the Provider's order/invoice and/or on the page https://gro.now/#pricing. Unless expressly stated otherwise, prices do not include taxes and are applied in the currency specified in the invoice (KZT / USD / EUR). Bank commissions and transfer costs are borne by the payer.

8.2. Invoices and Payment Terms (Subscription). Invoices for the Subscription period are issued in advance and are payable no later than the start date of the corresponding paid Subscription period. In the absence of payment by the specified date, access/renewal is not activated (or may be suspended) until the funds are received.

8.3. Acceptance by Reporting Period and Disputes.
8.3.1. Taking into account the advance payment model, disputing an invoice before the end of the reporting period is permitted only in case of obvious technical errors (incorrect currency/rate/period/duplication).
8.3.2. At the end of each reporting month, the Platform generates a usage report (volumes, limits, add-ons, overage), which is available to the Client's Administrator in the interface/download.
8.3.3. The Client has the right to send a reasoned claim regarding the volume/quality of the Service provided within 3 business days from the end date of the corresponding reporting month.
8.3.4. In the absence of a reasoned claim within the specified period, the Service for the reporting month is considered to have been rendered in full and of proper quality, and the usage volumes are considered agreed upon. The undisputed part is subject to payment/set-off in the general order.

8.4. Taxes and Withholdings.
8.4.1. Prices are quoted exclusive of VAT and other indirect/direct taxes; if applicable, they are charged in addition to the price and are paid by the Client.
8.4.2. Payments under the Agreement are made without withholdings and deductions. If the Client's law requires withholding tax at source, the Client shall increase the payment (gross-up) so that the Provider receives the full amount, and shall provide supporting documents (withholding/remittance certificate).
8.4.3. Upon the Client's request, the Provider shall provide a certificate of tax residency for the purposes of applying double taxation treaties (if applicable).

8.5. Price Changes. The Provider has the right to change public prices and/or billing conditions for future periods. For existing paid Subscriptions, the price is unchanged until the end of the current term; the new price applies from the next renewal with a notice of at least 5 calendar days before the renewal date (unless otherwise agreed in the order).

8.6. Overage and Additional Services. Payment for additional services (including under Supplementary Agreements/Orders) and overage use is made in advance or post-factum – as specified in the invoice:
8.6.1. if the invoice specifies advance payment – it is made before the start of the provision of the relevant additional service/work;
8.6.2. if the invoice specifies post-factum payment – the payment term is 3 (three) business days from the date of the invoice. Additional services not paid for in advance are not activated; post-factum debt may lead to suspension under para. 8.2. The Provider has the right to combine items in consolidated invoices.

8.7. Prohibition of Set-off. The Client is not entitled to withhold or set off amounts unilaterally, except in cases expressly provided for by the agreement of the Parties.

8.8. Refunds and Service Credits. Monetary refunds for paid periods are not provided, unless otherwise expressly stated in the order/invoice or the Billing Policy (/legal/billing). Compensation for SLA violations are service credits (see https://app.gro.now/legal/sla), which are not converted into money and are applied to future payments.

8.9. Currency of Settlements and Exchange Rates. When paying in a currency other than that specified in the invoice, the conversion and related commissions are borne by the payer; the amount actually credited to the Provider's account in the invoice currency is accepted for settlement.

8.10. Anti-Fraud and Payment Compliance. The payer of the invoice must be the Client itself or its affiliate, expressly specified in the order. The Provider has the right to reject a payment from another person until the grounds are confirmed and/or to request KYC/AML information within reasonable limits.

8.11. Billing Priority. Special price/payment/indexation conditions agreed in a Contract/Supplementary Agreement/Order have priority over this Section. The Billing Policy (/legal/billing) supplements this Section and applies to the extent not regulated by the order.

9. Acceptable Use

9.1. AUP as Part of the Agreement. The use of the Platform is governed by the Acceptable Use Policy (AUP), located at /legal/aup, which is an integral part of the Agreement.
9.2. Basic Prohibitions. The Client and its Users undertake not to:
9.2.1. violate the law and third-party rights, upload/process illegal content;
9.2.2. attempt to bypass technical restrictions, conduct unauthorized access, or penetration tests without consent;
9.2.3. carry out reverse engineering, deobfuscation, scraping, and automated data collection outside the functions provided by the Platform;
9.2.4. transfer access to third parties, share user accounts or tokens;
9.2.5. exceed the established limits and quotas, abuse the API/integrations.
9.3. Monitoring and Measures. The Provider has the right to apply reasonable technical means to monitor compliance with the AUP, and in case of a violation, to restrict/suspend access (in whole or in part) until the violations are rectified (see Sections 5, 19), as well as to request explanations and corrective measures.
9.4. Priority of AUP. In case of a discrepancy between this Section and the AUP, the AUP shall prevail. Updates to the AUP are published at /legal/aup and apply in the manner set forth in Section 26.

10. Data and Results

10.1. - 10.12.

10.1. Definitions (for the purposes of this section)
10.1.1. Client Data – any data, materials, and information (including personal data) uploaded/provided by the Client to the Platform or received from integrations connected at the Client's choice.
10.1.2. Data from Open Sources – information aggregated by the Platform from publicly available Internet sources, including, but not limited to, review systems, navigators, media/articles, social networks, competitor websites, and other public resources.
10.1.3. Data Owners - natural/legal persons who own the rights to the respective sources from which Data from Open Sources enters the Platform.
10.1.4. Results - any reports, visualizations, indicators, and other output materials automatically generated by the Platform based on Client Data and/or Data from Open Sources (including Research Results).

10.2. Data Rights and Licenses
10.2.1. Client's Ownership. All rights to Client Data are retained by the Client. The Provider does not acquire any rights to them, except for the limited license under para. 10.2.3.
10.2.2. Rights of Data Owners. The rights to Data from Open Sources belong to the respective Data Owners; the Platform processes only publicly available information to the extent permitted by law and the rules of the platforms.
10.2.3. License to the Provider. The Client grants the Provider a non-exclusive, royalty-free license, limited in purpose and for the term of the Agreement, to use Client Data solely for: (i) providing and supporting the Services, (ii) improving the operation of the Services (see para. 10.7 for details), (iii) ensuring security/backup, (iv) complying with legal/authority requirements if there is a legal basis.
10.2.4. Results. Unless otherwise expressly stated in an order/supplementary agreement, the rights to the Results (as a set of automatically generated materials), excluding the Provider's materials/IP (source code, models, algorithms, templates), belong to the Client.

10.3. Data Collection and Processing
10.3.1. Client Data. The Client guarantees the legality of uploading/using, the existence of all necessary rights/bases (including the consent of subjects if necessary), and compliance with the AUP/applicable law.
10.3.2. Data from Open Sources (Aggregation). The Provider carries out the automated collection, aggregation, and processing of Data from Open Sources, including the application of AI technologies and filtering/'cleaning'. The Provider makes reasonable efforts to ensure the quality of processing, but does not guarantee the absolute accuracy, completeness, or timeliness of such data; they are provided 'as is'.
10.3.3. Independence from Sources. The Provider does not control the availability and composition of Data from Open Sources; the suspension of access to data/modification/deletion of information by Data Owners is not a breach by the Provider and is not a deterioration in the quality or completeness of the Services.

10.4. Restrictions, Publication, and External Use
10.4.1. Internal Use. The Client shall use the Data (including the Results) exclusively for its own internal needs.
10.4.2. Compliance with Data Owner Restrictions. The Client undertakes to independently comply with all legal/technical restrictions of the Data Owners (consent for use, terms of use, robots.txt, etc.).

10.5. Accuracy, Liability, and 'As Is' Condition
10.5.1. The Provider is not liable for: (i) errors/inaccuracies/distortions in Data from Open Sources; (ii) the consequences of the Client's decisions made on the basis of the Results. The Client independently verifies the suitability of the Results for its purposes.
10.5.2. The Provider has the right to suspend or restrict access to individual data/functions if: a) the Data Owner has imposed restrictions; b) access to the sources is suspended/terminated; c) the Client violates the Agreement or the rules of the respective sources; d) it is necessary to comply with the law/protect the rights of third parties.

10.6. Export, Storage, and Deletion
10.6.1. Export. During the Subscription period, the Client has the right to export the Results and, where provided for by the functionality, copies of Client Data, in supported formats.
10.6.2. Storage and Backups. The Provider ensures storage and backup to the extent necessary to provide the Services and comply with the SLA; technical backups are retained for a limited time and are then overwritten.
10.6.3. Deletion/Anonymization. At the request of the Client's Administrator, the Provider shall delete/anonymize data within the functional/legal possibilities. The procedure upon termination is in Section 19.

10.7. Use for Service Improvement. By default, the Provider does not use the content of Client Data/Results to improve the Services in a form that allows for the identification of the Client/subjects. The use of anonymized aggregated metrics (performance indicators, error types) for monitoring quality/security is permitted.

10.8. System Data and Usage Accounting. The Platform may collect telemetry, authentication/event logs, performance metrics, and consumption accounting (for billing, SLA, AUP, and support). This data does not include the content of Client Data, unless it arises from an incident/support request.

10.9. Third-Party Claims and Indemnification. In case of claims from Data Owners/third parties related to the Client's use of the Results/Data contrary to the Agreement or the terms of the sources, the Client shall, upon request, provide documents/explanations, and shall also indemnify the Provider for reasonable damages, fines, and expenses (including defense costs) to the extent consistent with Section 18.

10.10. Content Restrictions. It is prohibited to upload/process in the Platform categories of data prohibited by the AUP or expressly restricted by law/documentation (e.g., particularly sensitive PD – if not provided for functionally and by a separate agreement).

10.11. Security Incidents. In case of a confirmed Security Incident, the Provider shall act according to the notification and response procedures established in the DPA and security policies, and shall take reasonable measures to restore integrity/availability.

10.12. Form of Analytics Provision. The Provider provides analytical materials exclusively in the Platform's interface; they are generated automatically and are not subject to manual revision or provision as separate documents, unless otherwise expressly provided for in a Supplementary Agreement/Order.

11. Confidential Information and Personal Data

11.1. Confidential Information (CI): Definition. CI means any non-public information disclosed by one Party to the other in oral, written, electronic form, or through the Platform, marked as 'confidential' or obviously being such by its nature and the circumstances of disclosure (including commercial plans, finances, technologies, architecture/models/algorithms, source texts, keys/tokens, user data, transaction/price terms, security, Client Data, and Results).

11.2. Exclusions. CI does not include information that: a) has become publicly available without a breach of the Agreement; b) was already lawfully known to the receiving Party before disclosure; c) was received from a third party without restriction and without a breach of its obligations; d) was independently developed by the receiving Party without using the disclosing Party's CI.

11.3. CI Obligations. The receiving Party undertakes to: a) use CI exclusively for the purposes of performing this Agreement; b) not disclose CI to third parties without the prior written consent of the disclosing Party, except for permitted contractors/sub-processors engaged for performance and bound by equivalent confidentiality obligations; c) ensure a 'no less than reasonable' level of protection (and, where applicable, no lower than standard industry security measures); d) grant access to CI only to employees/contractors on a need-to-know basis and not to use CI to the detriment of the disclosing Party.

11.4. Term of Confidentiality. The Parties shall observe the confidentiality regime with respect to CI for 3 years from the moment of each actual disclosure/transfer of the relevant CI.

11.5. Compelled Disclosure. In case of a legal/governmental requirement to disclose CI, the receiving Party shall (to the extent permissible) promptly notify the disclosing Party and shall disclose only the necessary part of the CI, taking reasonable measures to maintain the confidential regime (including petitioning for a closed hearing/protective order).

11.6. Return/Deletion. At the request of the disclosing Party or upon termination of the Subscription, the receiving Party shall return or delete the CI within a reasonable time, except for: (i) backup copies deleted according to the backup lifecycle; (ii) archival copies retained for legal/internal reporting purposes while continuing to observe the confidentiality regime.

11.7. Breach and Remedies. A breach of the CI regime may cause irreparable harm; in addition to damages, the disclosing Party has the right to seek an injunction/other preventive remedy without the need to prove the inadequacy of monetary compensation.

11.8. Priority of a Separate NDA. The Parties may enter into a separate Non-Disclosure Agreement (NDA). In case of a conflict between this Section and a signed NDA, the terms of the NDA shall prevail, but only with respect to the part expressly regulated by it.

11.9. Personal Data.
11.9.1. If personal data is processed in the use of the Platform, the Parties shall be guided by the DPA (/legal/dpa) and the Privacy Policy (/legal/privacy). Roles: Client – operator/controller, Provider – processor (where applicable).
11.9.2. Security procedures, incident notifications, cross-border transfers, and sub-processing are governed by the DPA and the Sub-processors page (/legal/subprocessors).
11.9.3. Nothing in this Section limits the Parties' obligations under the DPA and applicable PD law; in case of a conflict, the DPA shall prevail with respect to PD.

12. Security and Incidents

12.1. Approach and Distribution of Responsibilities. Security is provided on a shared responsibility model:
12.1.1. The Provider is responsible for the security of the Platform and the cloud infrastructure on which it is hosted (perimeter, computing resources, networks, storage, backup, logs, monitoring and response tools).
12.1.2. The Client is responsible for the security of its Account and users (access/role management, SSO/MFA, password policy, protection of endpoints/networks, secure use of APIs and integrations), as well as for the legality of the uploaded data.

12.2. Technical and Organizational Measures (TOMs). The Provider maintains and regularly updates a reasonable set of security measures, including, at a minimum:
12.2.1. encryption of data in transit (TLS) and at rest (at the storage/key cloud service level);
12.2.2. access control based on the 'least privilege' principle, role segregation, multi-factor authentication for administrative access;
12.2.3. environment segmentation, secret/key management, token rotation;
12.2.4. logging of authentication/access/significant system events and their monitoring;
12.2.5. backup and periodic recovery testing;
12.2.6. secure development and change management (code review, vulnerability analysis, managed releases);
12.2.7. risk assessment and management, personnel training on security and confidentiality.

12.3. Audits and Standards. The Provider may undergo external reviews/assessments (e.g., according to industry standards) and, upon the Client's request, provide summary reports/attestation letters and a list of key controls under an NDA. The provision of source artifacts and access to the Provider's environments is not carried out.

12.4. Penetration Testing and Scanning. Unauthorized scanning/pen-tests by the Client with respect to the Platform are prohibited. Testing is permitted only with the prior written consent of the Provider, within an agreed window and methodology, without access to the data of other clients.

12.5. Incident Notification. In case of a confirmed Security Incident affecting Client Data or the Client's confidential information, the Provider will notify the Client without undue delay (target of within 72 hours after confirming the fact of the incident) with available information about the nature, scale, and measures taken and planned. Additional notifications and interaction are carried out in accordance with the DPA and applicable law.

12.6. Response and Impact Limitation. The Provider has the right to temporarily suspend certain functions/the Client's access if it is necessary to contain/neutralize an incident or eliminate a critical vulnerability, with subsequent restoration of functionality as the risks are removed (see Section 19 and the SLA https://app.gro.now/legal/sla).

12.7. Notification and Coordination. The Parties shall appoint contact persons for the exchange of operational information on incidents. The Client undertakes to: a) promptly report discovered vulnerabilities/suspicious activities in its Account; b) follow the Provider's reasonable instructions to reduce risks (including enabling MFA, revoking tokens, changing passwords); c) maintain the confidentiality of incident details until official communications.

12.8. Client's Responsibility for Accounts. All actions performed using the Client's accounts, keys, and integrations are considered the Client's actions. The Client is obliged to promptly deactivate the access of dismissed/unauthorized persons and to revoke compromised keys/tokens (see paras. 5.5, 5.10).

12.9. Business Continuity and Recovery. The Provider maintains measures to ensure business continuity and disaster recovery (BCP/DR), including backup of critical components and a procedure for restoring services within reasonable timeframes agreed in the SLA.

12.10. Vulnerabilities and Responsible Disclosure. The Provider maintains a process for triaging/remediating vulnerabilities. We ask that you report discovered vulnerabilities to the Provider's designated security channel; public disclosure is permitted only after an agreed period/remediation with the Provider, so as not to create risks for the Client and other users.

12.11. Sub-processing and Suppliers. The engagement of sub-processors and cloud providers is permitted in compliance with comparable security measures and the DPA. The current list is on the /legal/subprocessors page; the Provider conducts a reasonable review of key providers and monitors compliance with contractual security requirements.

12.12. Logs and Storage. The retention periods for access/event logs and the format of their provision to the Client (if applicable) are determined by the Platform's functionality, documentation, and the SLA. Access to 'raw' infrastructure logs may be restricted for security and privacy reasons of other clients.

12.13. Limitation of Liability and Relationship with the DPA. This Section governs the security of the Platform and the interaction of the Parties in case of incidents. The procedure for processing personal data, notifying subjects/regulators, and other PD requirements are governed by the DPA; with respect to PD, the terms of the DPA shall prevail.

13. SLA and Support

13.1. Applicability of the SLA. Service levels are governed by the SLA document (https://app.gro.now/legal/sla), which is an integral part of the Agreement and is valid within the paid Subscription and selected plans/tariffs.

13.2. Availability and Metrics. The target indicators (service availability, response/recovery time, incident prioritization, uptime measurement) are defined in the SLA. Measurement is carried out based on the Provider's logs and monitoring.

13.3. Service Credits (Sole Remedy). For deviations from the target indicators, service credits are provided, the calculation and application procedure for which is established in the SLA. Service credits are the sole and exclusive remedy for SLA violations and are not converted into money.

13.4. Exclusions. The SLA does not apply to: (i) scheduled maintenance windows, announced according to the SLA rules; (ii) cases caused by the Client's violation of the AUP/Agreement; (iii) failures in third-party services/the Client's infrastructure/Internet providers; (iv) Trial Features and test environments; (v) force majeure circumstances.

13.5. Credit Application Procedure. To receive a service credit, the Client shall send an application within the timeframes and in the manner specified in the SLA, indicating the affected intervals and supporting data. Failure to meet the application deadline forfeits the right to a credit for the corresponding period.

13.6. Support. The channels, business hours, support languages, request prioritization, target response times, and escalation are specified in the SLA (https://app.gro.now/legal/sla). Requests concerning security/incidents are submitted to a dedicated channel (see Section 12).

13.7. Scheduled Maintenance. The Provider has the right to carry out scheduled maintenance in agreed windows. Notifications are published in advance in the manner established by the SLA (and, if necessary, in the Platform's interface).

13.8. Relationship with Other Documents. In case of a conflict between this Section and the SLA, the SLA shall prevail; issues of billing for service credits are governed by Section 8 and the Billing Policy (/legal/billing).

14. Integrations and Third-Party Services

14.1. General Provisions. The Platform may interact with third-party services and providers (including authentication/SSO providers, schedulers, payment services, content storage/delivery systems, analytical tools, as well as providers of large language models – LLMs). Such services are not controlled by the Provider and are provided under the terms of the respective third parties.

14.2. LLMs and Generative Components.
14.2.1. Certain functions of the Platform use third-party LLMs (as sub-processors/technology suppliers) for analysis, summarization, text generation, and other operations.
14.2.2. The transfer of input data (prompts/content/metadata) to such providers is carried out only to the extent necessary for the operation of the corresponding function and within the framework of the DPA and the list of sub-processors (/legal/subprocessors).
14.2.3. By default, the Provider does not use Client Data to train external models; training is permitted only on anonymized aggregated metrics or with the Client's separate opt-in.
14.2.4. The outputs of LLMs are probabilistic and may contain inaccuracies; the Client is obliged to conduct a reasonable review and not to rely on them as legal, medical, financial, or other professional advice.

14.3. Connection of Integrations at the Client's Choice. When connecting external integrations (including SSO, calendars, CRM, storage), the Client confirms that it has the right to transfer data to such services, independently complies with their terms, and configures privacy/security settings. The Client bears the risks associated with incorrect configuration of integrations on its side.

14.4. Liability and Limitations. The Provider is not responsible for: a) the availability/quality/changes in the functionality of third-party services (including LLM providers); b) the consequences of changes to their APIs/quotas/policies; c) incidents caused by failures/restrictions on the part of such services. However, the Provider shall take reasonable measures to provide replacements/workarounds if it is commercially reasonable.

14.5. Changes and Replacements of Providers. The Provider has the right at any time to replace, add, or disable a specific integration/supplier (including an LLM), provided that this does not lead to a significant degradation of the base volume of functions under the current Subscription. The list of key sub-processors is maintained at /legal/subprocessors; changes are published in the manner specified in the DPA.

14.6. Cross-Border Processing. The use of certain providers (including LLMs) may entail the cross-border transfer of data. Such a transfer is carried out under the legal mechanisms provided for in the DPA and applicable law; upon the Client's request, the Provider shall provide information about the relevant jurisdictions and suppliers.

14.7. Data Minimization and Masking. The Provider implements the principles of minimization and, where functionally available, masking/anonymization of input data when making requests to LLMs. The Client undertakes not to transfer personal data and other sensitive information in prompts/content, unless it is necessary to achieve the purpose of processing and is not provided for by the functionality/contract.

14.8. Licenses and Third-Party Rights. When using materials from external sources within integrations, the Client ensures the existence of the necessary rights/licenses and compliance with the requirements of the Data Owners (see Section 10). The publication/distribution of materials outside the Client's internal needs is permitted only in compliance with the terms of the respective sources and the Agreement.

14.9. Security of Integrations. Technical protection measures for data exchange with third-party services include encryption in transit and access control with tokens/keys. The Client is obliged to keep integration keys/secrets confidential and to immediately revoke compromised keys. The Provider has the right to temporarily block an integration upon suspicion of compromise (see Sections 5 and 12).

14.10. Disconnection upon Request. Upon the Client's reasoned request, the Provider may disable the use of certain integrations/providers (including LLMs) to the extent permitted by the Platform's architecture and commercial feasibility. Such a disconnection may lead to a limitation of functionality.

14.11. Priority of Documents. In matters of personal data processing and sub-processors, the DPA and the sub-processors page shall prevail; in case of a conflict between this Section and the terms of a specific integration/order — the signed document shall prevail (see para. 4.6).

15. Intellectual Property

15.1. Provider's Rights to the Platform. All rights to the gro.now Platform and its components – including, without limitation, the software code, architecture, models/algorithms (including AI models), data schemas, design/UX, documentation, templates, SDK, API, as well as to the knowledge bases and other materials created or lawfully acquired by the Provider – belong to the Provider or are used by it on legal grounds. This Agreement does not transfer any exclusive rights to such objects to the Client.

15.2. License to the Client for the Subscription Period. For the term of the paid Subscription, the Provider grants the Client a limited, non-exclusive, non-transferable license, without the right to sublicense, to access and use the Platform strictly within the scope of the selected plan, the AUP, and other documents (para. 1.5). Any use outside the specified scope requires the separate written consent of the Provider.

15.3. Client Data and Results. The rights to Client Data and the Results belong to the Client in the manner set forth in Section 10. However, neither Client Data nor the Results grant the Client any rights to the Provider's IP objects (source code, models, algorithms, templates, etc.), even if the Results are generated by the Platform's tools.

15.4. Customizations and Developments on Assignment. Developments, modifications, and integrations performed by the Provider under a Supplementary Agreement/Order belong to the Provider, unless otherwise expressly agreed in such a document. The Client is granted a license to use the results of such work within its business objectives and for integration with the Platform. If the Parties wish for a different allocation of rights (e.g., alienation/co-ownership), this shall be recorded in the text of the Supplementary Agreement/Order.

15.5. Feedback. The Client may send comments, ideas, and suggestions for improvement. The Client grants the Provider a non-exclusive, irrevocable, perpetual, and worldwide license, free of charge, to use such feedback for the development/improvement of the Platform without any obligation of attribution and without any payments to the Client.

15.6. Prohibitions Related to IP. Without the prior written consent of the Provider, the Client is not entitled to: a) copy, modify, adapt, distribute, lease/temporarily use the Platform or its parts; b) carry out reverse engineering, decompilation, circumvention of technical protection measures, except in cases expressly permitted by law and the AUP; c) use the Platform and/or its results to train or improve its own models/systems intended for competing or similar functionality, as well as for benchmarking for public publication without the Provider's consent; d) remove/change notices of copyright, trademarks, and other rights.

15.7. Third-Party Components and Open Source Software. The Platform may include or use third-party components (including LLMs, open source software libraries). Such components may be subject to separate licenses/terms, available via links in the documentation/interface. In case of a conflict between such terms and this Agreement, the terms of the respective licenses shall apply to the extent of the use of such components.

15.8. Trademarks and Publicity. The trademarks, trade names, and branding of the Parties shall be used only with their prior written consent, unless otherwise provided for in Section 22 (Publicity and Use of Marks).

15.9. Limitation of Implied Rights. Except for the rights expressly granted in the Agreement and/or orders, no licenses or rights are implied (including by the doctrine of estoppel). All rights not granted to the Client are expressly reserved by the Provider.

15.10. Residual Knowledge. Nothing in the Agreement prevents the Provider's employees/contractors from using general knowledge, skills, and ideas not protected by confidentiality, retained in memory, provided that the Client's Confidential Information (Section 11) is not disclosed and the IP rights of the Client/third parties are not infringed.

15.11. Infringement of Third-Party IP. The procedure for settling third-party claims of IP infringement by the Platform, as well as indemnification and remedies, are defined in Section 18 and this Section. The Provider may, at its option: (i) modify the Platform, (ii) replace the component, (iii) obtain a license, or (iv) cease providing the affected functionality with a proportional adjustment of the payment (if applicable).

16. Warranties and Disclaimers

16.1. Mutual Basic Warranties. Each Party represents and warrants that: (i) it is duly established and has the authority to enter into and perform the Agreement; (ii) the person accepting the terms/signing the documents is authorized; (iii) performance does not violate mandatory provisions of law and the Party's contracts.

16.2. Provider's Limited Warranty. The Provider will provide access to the Platform and related Services with reasonable professional care and in substantial compliance with the published documentation and the SLA. This warranty does not apply to: (i) use contrary to the Agreement/AUP/documentation; (ii) failures of third-party services/the Client's infrastructure/the Internet; (iii) Trial Features and test environments; (iv) force majeure circumstances.

16.3. Disclaimer of Warranties.
16.3.1. To the maximum extent permitted by law, the Platform, its functions (including generative/LLM components), the Results (including those generated based on Data from Open Sources), and any related information are provided 'as is' and 'as available'.
16.3.2. The Provider expressly disclaims any express, implied, statutory, or other warranties, including, without limitation, merchantability, fitness for a particular purpose, non-infringement, accuracy/completeness of data, and continuous/error-free operation beyond the SLA. The Provider does not guarantee that the Client will achieve any business results.

16.4. LLMs and Analytics. The outputs of LLMs and other AI results are probabilistic and may contain inaccuracies, bias, or omissions. They are not legal, financial, medical, or other professional advice. The Client is obliged to verify their suitability and correctness before using them in decision-making.

16.5. Open Sources and External Services. The availability, composition, and quality of Data from Open Sources and the functions of third-party services (including review services, classifieds websites, public maps, LLM/SSO/other integration providers) are not controlled by the Provider and may change or be discontinued without the Provider's fault. The relevant disclaimers and limitations are set forth in Sections 10 and 14.

16.6. Client's Warranties. The Client warrants that: (i) it has all the necessary rights to Client Data and their use in the Platform; (ii) it will comply with the Agreement, the AUP, the DPA, and applicable law; (iii) it will not rely on the Platform as a substitute for independent expertise/verification where required by law or the nature of the decision.

16.7. Exclusive Remedy for Availability. For violations of the service level indicators specified in the SLA, the sole remedy is service credits under the SLA (see Section 13); no other availability warranties are provided.

16.8. Survival. The disclaimers in this Section shall survive the termination of the Subscription/Agreement and supplement, but do not replace, the provisions of Sections 10, 12–14, and 17.

17. Liability and Its Limitations

17.1. General Rule. Each Party is liable for a breach of the Agreement to the extent established by this Section, only in case of fault and only for direct, documented damages that are causally related to the breach and were reasonably foreseeable at the time the Agreement was concluded.

17.2. Exclusion of Indirect Damages. The Provider is not liable for lost profits, loss of revenue/contracts/goodwill, business interruption, loss or corruption of data, indirect, incidental, special, punitive, and other consequential damages, even if the Party was notified of the possibility of their occurrence, except in cases where such a limitation is expressly prohibited by applicable law.

17.3. Liability Cap. The aggregate liability of each Party under the Agreement is limited to the amount of the Fees actually paid by the Client under the Agreement for the 12 months immediately preceding the event giving rise to liability (and if less than 12 months have passed – the amount paid for the actual period that has passed).
17.3.1. For trial/free access, the limit is 0 (zero), except in cases of intent or gross negligence.
17.3.2. All multiple claims/incidents in the aggregate do not exceed the specified limit.

17.4. When the Liability Cap Does Not Apply. The limitation in para. 17.3 does not apply to a Party's liability for: (i) intent or gross negligence; (ii) breach of confidentiality obligations (Section 10); (iii) a confirmed infringement of third-party intellectual property rights by the Platform to the extent of the Provider's indemnification obligation described in para. 18.1; (iv) violations of personal data requirements that arose as a result of the Party's breach of its obligations under the DPA; (v) amounts of undisputed debt for Services rendered.

17.5. Related Documents and Sole Remedy. For deviations from the SLA, service credits under Section 13 shall apply, which are the sole remedy for a breach of availability indicators and are not cumulative with other indemnifications for the same periods/events.

17.6. Third-Party Services and Open Sources. A Party is not responsible for the unavailability/changes in the functionality of third-party services (including LLMs, SSO, etc.) and/or for the composition/accuracy of Data from Open Sources, see Sections 10 and 14. This limitation does not release the Parties from fulfilling the obligations expressly assumed under the DPA and for security.

17.7. Mitigation of Damages. Each Party is obliged to take reasonable measures to minimize damages. The Provider has the right to apply workarounds/temporary recovery measures; their application is not considered a breach if it complies with the SLA/Agreement.

17.8. Contributory Negligence and External Causes. A Party's liability is reduced in proportion to the fault/negligence of the other Party or the influence of circumstances beyond the breaching Party's control (including the actions of third parties/sources, failures of the Client's infrastructure/the Internet, force majeure - see Section 25).

17.9. Form of Claims. Any claims for damages must be reasoned, contain a calculation and supporting documents, and be sent in the manner set forth in Section 23. The undisputed part is subject to payment in the general order.

17.10. Precedence of Limitations. This Section applies regardless of the legal qualification of the claims (contract, tort, etc.) and shall survive the termination of the Agreement. If applicable law does not permit the exclusion/limitation of liability – such exclusions/limitations shall apply to the maximum extent permitted.

18. Indemnification

18.1. Provider's Indemnification Obligation. The Provider shall indemnify the Client for reasonable damages, expenses, and amounts under court decisions/settlement agreements (including reasonable legal fees) arising in connection with a third-party claim that the Platform in its unchanged form infringes the current intellectual property rights of such third party in the applicable jurisdiction.
18.1.1. Remedies. In the event of such a claim, the Provider shall, at its option and expense: a) modify or replace the relevant functionality with a non-infringing equivalent; or b) cease providing the affected functionality with a proportional credit/refund for the unused paid period (if applicable).
18.1.2. Exclusions. Indemnification is not provided if the claim is caused by: a) the use of the Platform in combination with products/data/services not provided by the Provider; b) improper/unauthorized use contrary to the Agreement, the AUP, and related documents (see para. 1.5); c) modifications not performed by the Provider; d) Trial Features; e) third-party services/integrations or Data from Open Sources; f) the Client's materials (including Client Data, Results, the Client's publications).

18.2. Client's Indemnification Obligation. The Client shall indemnify the Provider for reasonable damages, expenses, and amounts under court decisions/settlement agreements (including reasonable legal fees) if a third-party claim is related to: a) Client Data, the content of Research, surveys/scripts, the publication/distribution of Results by the Client; b) the Client's violation of the AUP, applicable law, the terms of sources/Data Owners, including restrictions on the use of Data from Open Sources (see Section 10); c) the use of the Platform by third parties to whom the Client has unlawfully granted access/allowed the sharing of user accounts or keys; d) claims from personal data subjects/regulators caused by the Client's breach of its obligations under the DPA/law; e) infringement of third-party intellectual property rights by the Client's materials or combinations/integrations performed by the Client.

18.3. Procedure (Mandatory for Both Parties). The Party seeking indemnification is obliged to: (vi) immediately notify the other Party in writing of the claim (a delay releases from liability to the extent of the damage caused); (vii) grant exclusive control over the defense and settlement to the Party obliged to indemnify (provided that a settlement imposing obligations/admission of guilt on the other Party is permitted only with its written consent); (viii) provide reasonable assistance and documents/data.

18.4. Limitations and Priorities.
18.4.1. Indemnification under para. 18.1 is the sole and exclusive remedy of the Client for IP claims against the Platform.
18.4.2. The exclusions/limits of liability in Section 17 apply, except in cases expressly excluded from the limit (see para. 17.4); however, the prohibition on indemnification for indirect damages (para. 17.2) applies, unless otherwise prescribed by a mandatory provision of law or agreed in writing.
18.4.3. Nothing in this Section limits a Party's right to preventive remedies for confidential information (para. 11.7).

18.5. Consistency with Section 10 (Data Owners). For clarity: claims/restrictions from Data Owners or platforms in connection with the Client's use of Data from Open Sources and/or the publication of Results outside of internal needs are covered by the Client's indemnification liability (para. 18.2) and are governed by the restrictions in Section 10.

18.6. Mitigation. Each Party undertakes to cooperate in good faith to reduce damages, to take reasonable technical/organizational measures to mitigate risks, and not to take actions that unreasonably increase the amount of potential indemnification.

19. Suspension and Termination

19.1. Grounds for Suspension (in whole or in part). The Provider has the right to temporarily suspend access to the Platform (Account, individual functions/integrations) if any of the following grounds exist: 19.1.1. Non-payment: overdue payment for a subscription, services. 19.1.2. Violation of AUP/Agreement: use that creates legal/security risks, violation of third-party rights, attempts to bypass restrictions, unfair consumption. 19.1.3. Security risks/incident: confirmed or reasonably suspected compromise of credentials, API keys, unauthorized access, distribution of malicious code (see Section 12). 19.1.4. Sanctions/export control/anti-corruption: grounds under Section 21. 19.1.5. Legal/authority requirement: the need to comply with mandatory norms/prescriptions of state authorities. 19.1.6. Sources/Data Owners: restrictions from Data Owners/platforms or termination of access to sources (see Section 10) – with respect to the relevant functionality/data.

19.2. Procedure and Scope of Suspension. Suspension is applied to the minimum necessary extent and for a period sufficient to eliminate the causes. The Provider shall, where possible, send a notification in advance or immediately after the suspension (Section 22), except in cases where immediate action is necessary to prevent damage.

19.3. Restoration of Access. Access is restored no later than the next business day after the elimination of the causes of the suspension (payment, confirmation of the correction of violations, security measures, etc.). The Provider may request supporting documents/actions (including changing passwords, revoking tokens, enabling MFA). Reactivation fees may apply for repeated suspensions due to the Client's fault.

19.4. Termination by the Client.
19.4.1. Without cause (for the future): The Client has the right to terminate the Subscription by disabling auto-renewal under para. 7.9 with termination at the end of the current paid term.
19.4.2. Material breach by the Provider: The Client's right to terminate the Agreement arises only after the sequential completion of the following steps: (i) the Client's request in the manner and within the timeframes provided for in the SLA (opening an incident/ticket, providing information, requesting a service credit, and other actions under the SLA procedures), and the failure to rectify the breach within the recovery/response times established by the SLA, or the Provider's unreasonable refusal to apply the measures provided for in the SLA; and (ii) the Client sending a written claim in the manner set forth in para. 20.2. If, after receiving the claim, the breach is not rectified within 10 calendar days, the Client has the right to terminate the Agreement. A deviation from the target SLA indicators in itself, with the proper provision of service credits, is not considered a material breach and does not give the right to terminate, unless otherwise expressly provided for in the SLA/signed documents.

19.5. Termination by the Provider.
19.5.1. A material breach by the Client (including a repeated/significant violation of the AUP, overdue payment, violation of the DPA/Section 20), not rectified within 10 calendar days from the moment of notification (or another reasonable period specified in the notification, if a security/legal risk requires faster rectification).
19.5.2. Impossibility of lawfully providing the Services: a prolonged (more than 30 days) impossibility of lawfully providing certain functions/data for reasons beyond the Provider's control (sanctions, prohibitions by Data Owners, regulatory requirements). In such a case, termination is permitted selectively with respect to the affected functions with a proportional adjustment of future payments (if applicable).

19.6. Automatic Termination. The Agreement is automatically terminated upon the liquidation of a party (except for reorganization with universal succession), or upon a court injunction prohibiting the provision of the Services to the Client coming into force.

19.7. Consequences of Termination.
19.7.1. Access: on the date of termination, access to the Platform is terminated, except for the data export window described below.
19.7.2. Export of data/Results: within 30 calendar days after termination (unless otherwise specified in the order/DPA), the Client may request and perform an export using the available Platform tools. After this period, the Provider has the right to delete or anonymize the data according to standard procedures (backups are erased according to their lifecycle).
19.7.3. Payments: all accrued and unpaid amounts are payable within 10 calendar days from the date of termination. Refunds are made according to the rules described in the Billing Policy https://app.gro.now/legal/billing.
19.7.4. Special Services/Supplementary Agreements: termination of the Subscription does not automatically terminate the effect of signed Supplementary Agreements/Orders, unless otherwise expressly stated therein or in the termination notice; such documents continue to be in effect with respect to the obligations provided for in their terms.

19.8. Survival. After termination, the following provisions shall survive: Section 8 (with respect to debt/taxes/reporting), Section 9 (AUP – for previously committed violations), Section 10 (data and distribution restrictions), Section 11 (confidentiality), Section 12 (security – with respect to incidents/disclosure), Paragraph 13.3 (service credits), Section 15 (intellectual property), Section 16 (disclaimers of warranties), Section 17 (limitations of liability), Section 18 (indemnification), Section 20 (disputes), Section 21 (sanctions/export), Section 22 (trademarks and mentions).

19.9. No Waiver of Claims. Suspension/termination does not release the Client from the obligation to pay for Services/add-ons/overage already rendered and does not deprive the Provider of the right to other remedies provided for in the Agreement and by law.

19.10. Notification Procedure. Notifications of suspension/termination are sent in the manner set forth in Section 23. In case of emergency security measures, notification after the suspension is permitted (with an explanation of the reasons and the necessary steps for restoration).

20. Governing Law, Jurisdiction, and Disputes

20.1. Applicable Law. The substantive law of the Republic of Kazakhstan shall apply to this Agreement and all legal relations between the Parties, regardless of conflict of law rules.

20.2. Pre-trial Procedure (Mandatory).
20.2.1. Before applying to a court/arbitration, the Parties are obliged to follow a pre-trial procedure. If the dispute concerns an incident, availability, indicators, or measures under the SLA, the Client shall first apply under the SLA procedures and await the actions/timeframes established by the SLA. Only in the absence of a proper settlement under the SLA shall a claim be sent under this paragraph.
20.2.2. The Party that has received a claim is obliged to send a reasoned response within 10 calendar days from the moment of its receipt. However, for issues of incidents/availability, the response times for rectification are governed by the SLA, and the response time for a claim is governed by this paragraph.
20.2.3. If the dispute is not settled under the SLA procedures and by claim, the Party has the right to apply for dispute resolution in a court or arbitration as specified below.
20.2.4. If no response is received within the specified period or if the claim is rejected, the Party has the right to apply for dispute resolution in the manner provided for below in this Section. Following the pre-trial procedure does not limit a Party's right to seek interim measures.

20.3. Clients from the Republic of Kazakhstan (Courts). For Clients registered/residing in the Republic of Kazakhstan, all disputes, disagreements, or claims arising from or in connection with the Agreement shall be finally resolved in court in the competent court at the Provider's location.

20.4. Foreign Clients (IAC Arbitration). For non-resident Clients of the Republic of Kazakhstan, all disputes, disagreements, and claims arising from or in connection with the Agreement (including issues of performance, breach, termination, or invalidity) shall be finally resolved in the International Arbitration Court 'IAC' (Republic of Kazakhstan, Almaty) in accordance with the following conditions:
20.4.1. Rules and Composition: the dispute shall be considered under the IAC Rules, arbitration – by a single arbitrator.
20.4.2. Place of Arbitration: Almaty, Republic of Kazakhstan.
20.4.3. Language of Arbitration: Russian.
20.4.4. Applicable Law: the substantive law of the Republic of Kazakhstan.
20.4.5. Electronic Communications: for the purpose of shortening the proceedings, IAC notifications to the parties (about the dates/times of hearings, rulings, copies of statements, motions, and materials), as well as the submission of motions/statements by the parties to the IAC and the sending of scanned copies of documents, are permitted by e-mail to the address IAC iac@arbitration.kz, except in cases where the IAC requires originals.
20.4.6. Parties' Addresses: electronic correspondence is conducted from the Parties' e-mail addresses specified in the 'Full Details and Signatures of the Parties' section of the relevant Contract and/or Order, and is recognized as proper.
20.4.7. Electronic Proceedings: the dispute shall be considered in the form of an electronic arbitration proceeding (video conference) using the contact information for video communication specified by the Parties in the 'Full Details and Signatures of the Parties' section of the Contract and/or Order.
20.4.8. Confidentiality: the arbitration proceedings are confidential, unless otherwise provided for by the IAC Rules or mandatory provisions of law.

21. Sanctions, Export Control, and Anti-Corruption

21.1. Compliance with Sanctions Regimes. Each Party represents and warrants that it, its affiliates, beneficiaries, directors, and key employees are not included in any restrictive measures/sanctions lists, including, without limitation, the sanctions lists of the Republic of Kazakhstan, the UN, the EU, the UK, the USA (OFAC/SDN), and other applicable jurisdictions, and are not under the control of persons from such lists.

21.2. Export Control and Prohibition of Circumvention. The Client undertakes to comply with all applicable export control rules, dual-use restrictions, as well as prohibitions on re-export, circumvention, or facilitation of the circumvention of restrictions. The Platform and related technologies (including cryptographic means, AI/LLM components, and encryption) may not be used in prohibited jurisdictions, for prohibited end-users, or for prohibited purposes.

21.3. Due Diligence (KYC/AML). The Provider has the right to request reasonable KYC/AML information and documents from the Client to confirm compliance with paras. 21.1-21.2. Failure to provide the information or the discovery of a violation gives the Provider the right to suspend access to the Platform and/or to terminate the Agreement unilaterally.

21.4. Prohibition of Corrupt Practices. The Parties undertake not to offer, promise, give, or accept illegal rewards, gifts, payments, or other benefits to any persons, including public officials, for the purpose of obtaining or retaining business, improperly influencing decisions, or otherwise violating applicable anti-corruption legislation (of the Republic of Kazakhstan, FCPA, UK Bribery Act, etc.).

21.5. Interaction with Government Agencies and Public Sectors. The Client guarantees compliance with all special requirements applicable to interaction with public customers/public property, including restrictions on gifts/fees, procurement transparency, and conflict of interest. The Provider has the right to request confirmation of such procedures when servicing public sector projects.

21.6. Client's Confirmations. The Client represents and warrants that: a) it will not use the Platform for transactions or projects that violate sanctions/export restrictions; b) it will immediately notify the Provider of any change in status that affects compliance with the requirements of this Section; c) it will ensure compliance with these requirements by its Users and contractors.

21.7. Right to Refuse/Suspend. The Provider has the right to refuse to conclude/renew a Subscription, to suspend or restrict access, and to terminate the Agreement with immediate effect if there are reasonable grounds to believe that the use of the Platform violates sanctions/export/anti-corruption requirements or creates significant compliance risks.

21.8. Compliance Audit. Upon the Provider's reasoned request, the Client shall provide confirmations (reasonable documents/statements) of compliance with this Section. Such a request should not unreasonably interfere with the Client's trade secrets and is carried out taking into account Section 11 (confidentiality).

21.9. Liability and Indemnification. The Client's violation of this Section is considered a material breach of the Agreement and may result in the indemnification of the Provider for direct damages, fines, and expenses incurred due to such a violation (taking into account the limits/exclusions of Section 17 and the procedure of Section 18).

21.10. Priority of Norms. In case of a conflict between the norms of different jurisdictions, the Parties shall be guided by the strictest applicable requirements that do not violate the mandatory norms of the law of the Republic of Kazakhstan. If specific restrictions make the performance of the Agreement illegal or impossible, para. 21.7 and Section 25 (force majeure) shall apply.

22. Publicity and Use of Marks

22.1. General Rule (Opt-in). The use of the trade names, trademarks, logos, and other designations of a Party (hereinafter the 'Marks') for external communications is permitted only with the prior written consent of the respective Party, unless otherwise expressly permitted by this Section.

22.2. Textual and Visual Mentions of the Client (Opt-out).
22.2.1. The Provider has the right, without the Client's separate consent, to indicate the Client's name in text and/or using its logo/Marks in the list of Platform users, on the website, in presentations, marketing materials, case studies, and press releases, provided that paras. 22.5 – 22.7 are complied with.
22.2.2. Upon the Client's written request, the Provider shall cease further use of the Marks/mentions and shall, within a reasonable time (usually up to 10 business days), remove/replace the materials in controlled channels.
22.2.3. If the Client has not provided brand guidelines/media for the Marks, the Provider has the right to use publicly available versions of the designations at its discretion, acting in good faith and not distorting the Marks.

22.3. Case Materials and Reviews (Opt-out).
22.3.1. The publication of case materials, excerpts from reviews, and other marketing materials is possible without separate special consent, provided that such materials do not disclose Confidential Information (Section 11) and do not contain commercially sensitive indicators without the Client's express consent.
22.3.2. The Client has the right to send a request for the removal/correction of specific materials; the Provider shall comply with the request in the manner set forth in para. 22.2.2.

22.4. License to the Marks (by default). For the term of the Agreement, the Client grants the Provider a limited, non-exclusive, royalty-free, non-transferable license to use the Marks for the purposes specified in paras. 22.2-22.3. The license is valid by default (without a separate letter), may be revoked by the Client by written notice; after revocation, the removal procedure under para. 22.2.2 shall apply. No other rights to the Marks are granted.

22.5. Withdrawal of Consent and Cessation of Use. A Party has the right to withdraw consent for the use of its Marks/materials if: (i) the materials have become outdated, (ii) the brand guidelines have been violated, (iii) the use is misleading or harms the business reputation. The other Party shall cease use and remove/update the materials within a reasonable time (usually up to 10 business days) from the moment of notification.

22.6. Prohibition of Misleading Use. The Parties are not entitled to represent a partnership, exclusivity, endorsement, or sponsorship if this is not expressly agreed; distortions of the results of using the Platform and incorrect comparisons with competitors are prohibited.

22.7. Joint Events and PR. Joint webinars, press releases, publications, and presentations are possible upon separate agreement on the plan, content, and deadlines. Each Party is responsible for complying with the rights of third parties (photos/videos, quotes, statistics) and the regimes of confidentiality/PD (Section 11).

22.8. Confidentiality is Maintained. This Section does not cancel the Confidential Information regime: the publication of information constituting CI without separate written permission is prohibited; if there is a separate NDA, the terms of the NDA shall prevail.

22.9. Termination of Subscription. Termination of the Subscription automatically terminates the right to new use of the Marks. Already released materials may be kept in archives and passive channels (e.g., conference recordings, press releases, other published information), unless their removal is requested under para. 22.5.

22.10. No Fee. The granting of the right to use the Marks does not entail the payment of royalties or other fees, unless otherwise expressly agreed by the Parties in writing.

23. Notifications

23.1. Communication Channels. Legally significant notifications and messages between the Parties shall be sent: 23.1.1. by e-mail to the addresses specified in the 'Full Details and Signatures of the Parties' section of the relevant Contract/Order; 23.1.2. through the Platform's interface (notifications/banners/support tickets - for operational messages, incidents, and SLA); 23.1.3. to the addresses specified on the Provider's 'Legal Information' page (/legal/imprint) – only for notifications to the Provider, unless another special address is specified in the Contract/Order; 23.1.4. in another manner expressly agreed by the Parties (e.g., through a dedicated ticket system or e-billing).

23.2. Form and Language.
23.2.1. For counterparties who are residents of EAEU member states, notifications shall be sent in writing in Russian (a duplicate in English is permissible).
23.2.2. For counterparties who are not residents of EAEU member states, notifications shall be sent in writing in English.

23.3. Moment of Delivery (Presumption of Delivery).
23.3.1. E-mail — at the time of sending, as recorded on the sender's server, in the absence of a non-delivery message within 24 hours; if sent outside the recipient's Business Day – it is considered received at the beginning of the next Business Day.
23.3.2. Notifications in the Platform's interface — at the time of publication/display in the Client's Account.
23.3.3. Postal/courier deliveries (if applicable) – according to the delivery service's mark of delivery.
23.3.4. For communications with the IAC within the framework of arbitration proceedings (para. 20.4), the address iac@arbitration.kz and the rules of the IAC Rules shall also apply.

23.4. Special Channels.
23.4.1. Incidents and SLA – through the support channels specified in the SLA/the 'Support' section; further legally significant messages on the same subject are permitted by e-mail according to para. 23.1.1.
23.4.2. Security/leaks – to the Provider's dedicated security address with a duplicate by e-mail according to para. 23.1.1.

23.5. Change of Details for Notifications. Each Party is obliged to keep its addresses/contacts up-to-date. A change of address for notifications takes effect 1 Business Day after sending a corresponding message to the other Party at the old address and posting (for the Provider) at /legal/imprint, if applicable.

23.6. Trusted Senders and Access. The actions and messages of the Client's Administrator and other authorized users in the Platform's interface are considered the actions/messages of the Client. The Parties shall ensure that their mail domains and communication channels do not block each other's messages (whitelist).

23.7. Priority of Special Rules. If special timeframes/channels are established for a specific process by the Agreement (e.g., the SLA), such special rules shall apply.

24. Assignment of Rights and Subcontracting

24.1. Cession and Other Dispositions of Rights. The Client is not entitled to transfer (assign, convey) rights and/or obligations under the Agreement, to enter into security transactions with them, or otherwise to dispose of them without the prior written consent of the Provider, except in the cases of para. 23.2. Any attempt to transfer in violation of this paragraph is void.

24.2. Exclusions (without consent):
24.2.1. Change of Control/Reorganization of the Client. An assignment/transfer in connection with a change of control, reorganization, merger, or sale of a substantial part of the Client's assets to a third party is permitted provided that the Provider is notified in writing in advance and there is a succession to all of the Client's obligations (including the AUP, DPA, unpaid amounts). The Provider has the right to refuse if such a transfer leads to a violation of sanctions/export requirements (Section 21) or to reasonable security/compliance risks.
24.2.2. Client's Affiliates. The Client has the right to transfer rights/obligations to an affiliate under the same ultimate control, with written notice of at least 10 business days and provided that there is joint and several liability with the affiliate until the obligations are fully performed.

24.3. Novation and Formalities. At the Provider's request, the Parties shall execute a novation/tripartite agreement on the transfer of the contract to the successor. Until the formalities are completed, the original Party remains responsible under the Agreement.

24.4. Prohibition of Splitting and Circumvention. The Client is not entitled to split the Subscription/accounts between persons who are not the Client or its affiliates, or to provide the Platform on a sublease/outsourcing basis to third parties without the written consent of the Provider (see para. 5.14).

24.5. Provider's Subcontractors. The Provider has the right to engage subcontractors to perform the Agreement, including providers of cloud services, integrations, and LLM suppliers, provided that: 24.5.1. The Provider remains responsible to the Client for the actions of such subcontractors as for its own. 24.5.2. Subcontractors who process personal data or participate in the provision of the Services are considered sub-processors; the requirements of the DPA apply to them, and the current list is published on the /legal/subprocessors page. 24.5.3. The engagement/replacement of significant sub-processors is carried out taking into account the notification/objection procedures provided for in the DPA; in case of a critical disagreement by the Client, the parties shall make a good faith effort to find a workaround, otherwise the provisions of Section 19 shall apply.

24.6. Transfer of Local Access Rights. In case of a transfer of the contract under para. 24.2, the Client's Administrator is obliged to timely reconfigure access/integrations, as well as to ensure the export/migration of data within the functionality of the Platform (Sections 10, 19).

25. Force Majeure

25.1. Definition of Force Majeure. Neither Party shall be liable for the full or partial non-performance of obligations under the Agreement if it was the result of force majeure circumstances that the Party could not have foreseen or prevented by reasonable measures, including, without limitation: a) natural disasters; b) fires; c) floods; d) earthquakes; e) epidemics/pandemics and related restrictions; f) military actions, g) acts of terrorism and mass riots; h) strikes and lockouts (except for internal ones at the Party claiming force majeure, if they could have been prevented); i) acts and decisions of government authorities, j) sanctions/embargoes, k) export/import restrictions; l) large-scale failures in the operation of electrical networks/the Internet/communication channels; m) prolonged (not caused by the Party) failures at cloud providers of data centers/networks; n) other similar circumstances.

25.2. Notification and Confirmation. The Party affected by force majeure is obliged to notify the other Party without undue delay, describing the nature, expected duration, and impact on performance, as well as to provide available confirmations (if any – certificates from authorized bodies/chambers of commerce and industry). Failure to provide notification within a reasonable time deprives the Party of the right to refer to force majeure with respect to preventable consequences.

25.3. Suspension of Performance and Extension of Deadlines. For the period of force majeure, the performance of the relevant obligations of the Party is suspended, and the deadlines are proportionally extended. The obligations to pay for services already rendered and to pay accrued amounts are not removed by force majeure, except in cases where the provision of the services itself has become legally/factually impossible.

25.4. Mitigation. Each Party shall take reasonable measures to minimize the impact of force majeure (including workarounds, load shifting, alternative communication channels) and shall regularly inform the other Party of the progress in eliminating the consequences.

25.5. SLA and Service Credits. Periods during which performance is impossible due to force majeure are excluded from the calculation of SLA indicators; service credits for such periods are not accrued.

25.6. Prolonged Duration and Right to Terminate. If the force majeure lasts continuously for more than 30 (calendar) days and significantly hinders the use of the Platform under the Agreement, either Party has the right to terminate the Agreement (in whole or in part with respect to the affected functionality) with written notice. In case of partial/full termination under this paragraph, the Provider shall make a proportional adjustment of future payments (if applicable). A refund of previously paid amounts is not made, unless otherwise expressly provided for by law or signed documents.

25.7. Data Export in Case of Force Majeure. Where possible, the Provider shall provide the Client with a window to export the Results and copies of Client Data using available means (see para. 19.7.2). If export is not possible due to the nature of the force majeure (e.g., a regulatory prohibition/blocking), the export period is extended for a reasonable period after the obstacles are removed.

25.8. Inapplicability to the Other Party's Monetary Obligations. The Client's monetary obligations for properly rendered Services are not considered affected by force majeure, except in cases where making the payment is objectively impossible due to regulatory prohibitions/sanctions or systemic failures of the payment infrastructure; in such cases, paras. 25.2-25.4 shall apply, and the Parties shall agree on an alternative payment method.

26. Changes to the Agreement

26.1. Online Version and Archive. The text of the Agreement is published at https://app.gro.now/legal. An archive of versions with dates/version identifiers is available at /legal/archive. The public online version is considered authentic.

26.2. Update Procedure. The Provider has the right to make changes to the Agreement and related documents (SLA, AUP, Policies, Tariff Description, etc.) with notification to the Client in the manner set forth in Section 23, unless otherwise provided for in this Section or by law.

26.3. Material Changes (7 calendar days). Changes that significantly affect the Client's rights/obligations (e.g., new use restrictions, changes in the liability mechanism, new Client obligations) come into force 7 calendar days from the date of notification. Before the effective date, the Client has the right to refuse to renew the Subscription or to terminate the Agreement for the future by notifying the Provider.

26.4. Non-Material/Improving Changes (effective immediately). Editorial, clarifying, error-correcting changes, as well as changes that clearly improve the conditions for the Client (e.g., expanding limits without increasing the price, clarifying procedures without increasing obligations) apply from the moment of publication/notification.

26.5. Mandatory and Urgent Changes. Changes necessary to comply with the law, regulatory requirements, to ensure security/eliminate vulnerabilities, as well as to prevent abuse/damage, may be applied immediately with parallel notification. Such changes are not considered material to the extent strictly necessary to comply with mandatory requirements.

26.6. Changes to Prices and Billing. The procedure for changing prices/rates is governed by Section 8. For an existing paid Subscription, prices are unchanged until the end of the current term; the new price applies from the next renewal with notification within the established period.

26.7. Acceptance of Changes. The use of the Platform after the effective date of the changes or the renewal of the Subscription is considered acceptance of the changes. In case of disagreement, the Client shall exercise the rights under para. 26.3 and/or terminate the Subscription under Section 19.

26.8. Priority of Special Documents. If the changes concern the DPA, SLA, AUP, or signed documents (Contract/Supplementary Agreement/Order), the priority rules of Sections 4.5 – 4.6 and 27 shall apply. In case of a conflict between this Agreement and a signed document, the signed document shall prevail with respect to the part regulated by it.

26.9. Fixing the Version for an Order. For a specific Order/signed Contract, the parties may fix a link/version identifier of the Agreement; in such a case, the specified version shall apply to the relations under the relevant document until its expiration, unless otherwise expressly agreed by the parties or required by law/security (para. 26.5).

27. Priority of Documents

27.1. General Principle. In case of conflicts between the documents governing the relations between the Parties, the following hierarchy shall apply (from higher to lower level), unless otherwise expressly stated in the relevant document:
27.1.1. Signed documents between the Parties (Contract / Supplementary Agreement / Order) – only with respect to the part expressly regulated by them;
27.1.2. This User Agreement;
27.1.3. SLA – with respect to service levels, metrics, and service credits;
27.1.4. AUP (Acceptable Use Policy) — with respect to prohibitions/restrictions on use;
27.1.5. Research Policy – with respect to the Client's use of research functionality;
27.1.6. Tariff Description (/legal/plans) and published specifications/limits;
27.1.7. Billing Policy (/legal/billing) – with respect to the procedure for invoicing/accounting/credits;
27.1.8. Security Policy (/legal/security) with respect to procedures and technical measures;
27.1.9. Privacy Policy (/legal/privacy) and Cookie Policy/banner (/legal/cookies, /legal/cookie-banner) – with respect to the processing of PD by the Provider as an operator;
27.1.10. DPA (Data Processing Agreement) — with respect to the processing of PD where the Provider is a processor of PD on behalf of the Client;
27.1.11. Terms for API/SDK (/legal/api-terms) – with respect to access to the API/SDK.

27.2. Local Priority of Signed Documents. In case of a conflict between this Agreement and the terms of a signed Contract/Supplementary Agreement/Order, the signed documents shall prevail, but exclusively within the scope limited by them.

27.3. Special Rules.
27.3.1. For incidents/availability and response times, the SLA shall prevail; the procedure for claims and the right to terminate – under paras. 19.4.2 and 20.4.
27.3.2. For personal data and cross-border transfer, the DPA shall prevail; for the API – the Terms for API/SDK; for AUP violations – the AUP.

27.4. Not Included in the Contract. Marketing materials, presentations, advertising, and public statements (including website pages outside the 'Legal Documents' section) are not part of the contract and do not change the Parties' obligations, unless expressly incorporated by a signed document.

27.5. Versioning. The versions of the documents in effect at the time of acceptance/execution of the relevant Order or in the manner established by Section 26 shall apply. An archive of versions is available at /legal/archive.

28. Final Provisions

28.1. Entire Agreement. This Agreement, together with the documents it refers to (see para. 1.5), and the documents signed by the Parties (Contract/Supplementary Agreements/Orders), constitutes the entire agreement between the Parties and supersedes all previous agreements on its subject matter.

28.2. Severability. If any provision is found to be invalid/unenforceable, it shall be applied to the maximum extent permissible, and the rest of the Agreement shall remain in force. The Parties shall in good faith replace such a provision with an equivalent one in meaning and legality.

28.3. Waiver of Right. The non-use or delay in the use of any right under the Agreement shall not be considered a waiver of it. A one-time waiver does not mean a waiver in the future and must be in writing.

28.4. Independence of the Parties. The Parties are independent contractors; the Agreement does not create a partnership, agency, employment, joint venture, or franchise relationship. Neither Party is entitled to make statements/assume obligations on behalf of the other without its written consent.

28.5. Transfer of Rights upon Change of Control. The Agreement remains in force upon a change of control/reorganization of a Party in compliance with Section 24 (assignment of rights and subcontracting).

28.6. Headings and Interpretation. The headings are for convenience and do not affect the interpretation. Terms are interpreted according to Section 2 and the context. The words 'including/in particular' mean 'including, but not limited to'.

28.7. Electronic Form and Copies. The Agreement and related documents may be concluded/exchanged in electronic form (including electronic signature, scanned copies, PDF, conclusive actions under Section 4). Electronic copies have the force of originals to the extent permitted by applicable law.