Legal

RevBridge Terms of Service

Last Updated: April 10, 2026

THIS TERMS OF SERVICE AGREEMENT ("AGREEMENT") GOVERNS ANY SERVICES PROVIDED BY REVBRIDGE TO CUSTOMER. REVBRIDGE AI LTDA. ("REVBRIDGE") MAY UPDATE THESE TERMS FROM TIME TO TIME AND BY CONTINUING TO USE ANY SERVICES PROVIDED BY REVBRIDGE, CUSTOMER AGREES TO COMPLY WITH THESE TERMS AS UPDATED.

The current version of these Terms is available at https://revbridge.ai/terms.

PLEASE READ THESE TERMS CAREFULLY. BY ACCESSING OR USING THE SERVICES, INCLUDING BY REGISTERING AN ACCOUNT, YOU ARE CONFIRMING THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY ALL OF THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, YOU MUST DISCONTINUE USE OF THE SERVICES IMMEDIATELY.

In consideration of the mutual covenants and agreements contained herein, the parties agree as follows:

Table of Contents

1. Definitions
2. Services
3. Registration & Account
4. Budget, Fees & Payment
5. Proprietary Rights
6. Confidentiality
7. Warranties & Disclaimers
8. Mutual Indemnification
9. Limitation of Liability
10. Term & Termination
11. General Provisions

Addendum A — Data Processing Addendum (DPA)

Annex 1 — Security Measures

1. Definitions

"Affiliate" means, with respect to a party, any entity, whether incorporated or not, that directly or indirectly controls, is controlled by, or is under common control with such party, where "control" means the direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

"Budget" means the prepaid amount deposited by Customer into Customer's RevBridge account, which is allocated to Campaigns and consumed to cover all operational costs of running and optimizing such Campaigns.

"Campaign" means a set of customer engagement actions configured by Customer within the Platform to reach End Users through one or more Channels, subject to the parameters and budget allocation defined by Customer.

"Channel" means a communication medium through which Messages are delivered, including but not limited to email, SMS, WhatsApp, push notifications, and any additional channels supported by the Platform.

"Conversion" means a measurable action by an End User that is attributable to a Campaign, as defined in the applicable Insertion Order or within the Platform settings (e.g., a purchase, sign-up, form submission, or other agreed-upon event).

"Credit Balance" means the remaining unused portion of Customer's Budget at any given time.

"Customer Application" means Customer's mobile applications, websites, or e-commerce stores, as made available to its End Users.

"Customer Data" means data in the Services that has been submitted or collected by or on behalf of Customer, including Personal Data.

"Dashboard" means RevBridge's web-based interface through which Customer configures, monitors, and manages Campaigns and account settings.

"Documentation" means the online documentation for the Services, accessible via the RevBridge website or Dashboard, as updated from time to time.

"End User" means any individual whose data is maintained within the Services by Customer for customer engagement purposes.

"Insertion Order" or "IO" means the ordering document specifying Campaign parameters, Conversion definitions, pricing, Budget allocation, and any additional commercial terms agreed upon by the parties.

"Malicious Code" means viruses, worms, time bombs, Trojan horses, and other harmful or malicious code, files, scripts, agents, or programs.

"Message" means any communication with End Users made by or on behalf of Customer directly or indirectly through the Services.

"Personal Account" means the section of the Dashboard accessible under Customer's user credentials, where available Services, Budget balance, Campaign settings, reporting, and account configurations are displayed and managed.

"Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws, including Brazil's Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018).

"Platform" means RevBridge's proprietary software-as-a-service product, including all features, tools, APIs, SDKs, and integrations made available by RevBridge.

"Restricted Information" means: (i) government-issued identification numbers (e.g., CPF, RG, passport, driver's license); (ii) health-related data protected under applicable law; or (iii) credit or debit card numbers, bank account numbers, or any related security codes or passwords.

"SDK" means any Software Development Kit or other similar code developed and made available by RevBridge for use in connection with the Services.

"Services" means the Platform, Dashboard, Channels, APIs, SDKs, and any related services provided by RevBridge to Customer under this Agreement.

"Territory" means the territory within which Customer is entitled to use the Services. Unless otherwise specified in an Insertion Order, the right to use the Services is provided worldwide, with the exception of territories subject to comprehensive sanctions imposed by applicable authorities.

"User" or "Dashboard User" means an individual who is authorized by Customer to access and use the Dashboard. Dashboard Users may include employees, consultants, contractors, and agents of Customer.

2. Services

2.1 Provision of Services. RevBridge shall make the Services available to Customer pursuant to this Agreement during the term hereof. RevBridge operates on a performance-based model: Customer allocates Budget, and RevBridge delivers Campaigns designed to generate Conversions, consuming Budget only as results are delivered. Customer's use of the Services is not contingent upon the delivery of any future functionality or features, or dependent on any oral or written public statements made by RevBridge regarding future functionality or features.

2.2 Customer Affiliates. Customer Affiliates may use the Services purchased by Customer, provided that Customer sets up individuals acting on behalf of such Affiliate as Dashboard Users. Customer remains responsible for all actions taken by its Affiliates within the Services.

2.3 RevBridge Responsibilities. RevBridge shall: (a) provide the Services in material compliance with the Documentation; (b) use commercially reasonable efforts to make the Platform available 24 hours a day, seven days a week, except for: (i) planned downtime (for which RevBridge shall give reasonable advance notice); or (ii) circumstances beyond RevBridge's reasonable control, including without limitation acts of nature, acts of government, civil unrest, pandemic/epidemic, hosting provider or internet service provider failures, third-party provider disruptions, and denial of service attacks; (c) provide technical support for the Services; and (d) provide the Services in compliance with applicable laws.

2.4 Customer Responsibilities. Customer is responsible for all actions taken by Customer or its Dashboard Users within Customer's account and for Dashboard Users' compliance with this Agreement. Customer shall: (a) have sole responsibility for the accuracy and legality of all Customer Data; (b) ensure that any access credentials for the Services are kept strictly confidential and not shared with any unauthorized person; (c) promptly notify RevBridge of any breach of security or unauthorized use of its account; (d) use the Services in compliance with this Agreement, the applicable Insertion Order(s), RevBridge's Acceptable Use Policy (if published), and all applicable laws and regulations, including but not limited to consumer protection, anti-spam, and data protection legislation; and (e) ensure that all Messages comply with applicable law and do not contain misleading, fraudulent, or unlawful content.

2.5 Customer Data Ownership & End User Database. RevBridge does not generate, acquire, enrich, or otherwise create End User databases or lead lists on behalf of Customer. All End User data uploaded to or processed within the Platform is provided exclusively by Customer. Customer is solely responsible for the collection, accuracy, legality, and maintenance of its End User database, including ensuring that all necessary consents have been obtained and that all applicable data protection and anti-spam laws have been complied with prior to uploading such data to the Platform. RevBridge acts solely as an intermediary for the delivery of Campaigns to End Users designated by Customer and shall have no liability arising from Customer's End User data or the means by which it was acquired.

2.6 Use Guidelines. Customer shall use the Services solely for its and its Affiliates' legitimate business purposes and shall not: (a) license, sell, resell, lease, transfer, distribute, or otherwise make the Services available to any third party other than End Users through authorized Campaigns; (b) send via, upload to, or store within the Services any Malicious Code; (c) interfere with, disrupt, or threaten the security, stability, integrity, or availability of the Services; (d) attempt to gain unauthorized access to the Services or its related systems or networks; (e) modify, copy, or create derivative works based on the Services or the SDK; (f) reverse engineer, decompile, or disassemble the Services or the SDK; (g) access the Services or Dashboard for competitive purposes, including benchmarking; (h) submit to the Services or use the Services to collect, store, or process Restricted Information; (i) use the Services to send unsolicited communications (spam) or in violation of applicable anti-spam laws; or (j) artificially inflate Conversion metrics or engage in any form of fraud.

2.7 Campaign Controls. Customer may pause, resume, or stop any Campaign at any time through the Dashboard. Upon pausing or stopping a Campaign, RevBridge shall cease delivering Messages under that Campaign within a commercially reasonable timeframe. Conversions that occur after a Campaign is stopped but that are attributable to Messages already delivered prior to the stop instruction may still be charged against Customer's Budget.

2.8 Third-Party Providers. Customer may elect to use third-party services that interoperate with the Platform ("Third-Party Provider"). Any use of such Third-Party Provider is solely between Customer and the Third-Party Provider. RevBridge makes no warranty of any kind with respect to any Third-Party Provider and is not responsible for any disclosure, modification, or deletion of Customer Data arising from such provider's access to the Services. Customer shall comply with any agreement it has in place with such Third-Party Provider and independently bears the risks and responsibility for third-party software integration.

2.9 Protection of the Services. In the event that Customer is in breach of its obligations under this Section 2, RevBridge may suspend Customer's or Dashboard User's access to the Services. RevBridge will notify Customer of any such suspension in advance, except where RevBridge reasonably believes the violation is willful or in an urgent or emergency situation. RevBridge will work with Customer in good faith to resolve the breach. RevBridge will have no liability for any such suspension made in good faith. Unless this Agreement has been terminated, RevBridge will restore access following resolution of the breach.

2.10 Conversion Event Tracking. Customer is solely responsible for sending Conversion event data to RevBridge through the integration method agreed upon during onboarding, which may include native integrations, server-to-server (S2S) callbacks, SDK implementation, webhooks, or any other method specified in the applicable Insertion Order or Documentation. RevBridge's ability to optimize Campaigns and accurately report performance depends on the timely, accurate, and complete transmission of Conversion events by Customer. RevBridge shall have no liability for: (a) inaccurate Campaign optimization or reporting arising from missing, delayed, duplicated, or incorrect Conversion event data provided by Customer; (b) Budget consumption that does not reflect actual Conversions due to integration failures on Customer's side; or (c) any discrepancy between RevBridge's reported Conversions and Customer's internal records where such discrepancy results from Customer's failure to properly implement or maintain the agreed integration.

2.11 Message Destinations & Content. Customer is solely responsible for all URLs, links, landing pages, and destination content included in or referenced by Messages sent through the Services. RevBridge does not review, monitor, approve, or control the content of any destination to which End Users are directed as a result of interacting with a Message. RevBridge shall have no liability for: (a) the content, accuracy, legality, or availability of any website, page, or resource linked from a Message; (b) any harm, loss, or damage incurred by End Users or third parties as a result of visiting or interacting with such destinations; or (c) any violation of applicable law, including consumer protection or advertising regulations, arising from the content of Customer's destination pages. Customer shall indemnify RevBridge against any claims arising from the content of or access to URLs and destinations included in Messages.

2.12 AI-Generated Content. The Services use artificial intelligence and machine learning technologies to dynamically generate, personalize, and optimize Message content, including but not limited to subject lines, body text, calls to action, product recommendations, and other creative elements, with the goal of maximizing Conversion probability. Customer may provide brand guidelines, tone of voice rules, approved terminology, content restrictions, and other guardrails ("Brand Guardrails") through the Dashboard or during onboarding, and RevBridge shall use commercially reasonable efforts to ensure that AI-generated content adheres to such Brand Guardrails. However, due to the probabilistic nature of artificial intelligence, Customer acknowledges and agrees that: (a) AI-generated content may occasionally deviate from the Brand Guardrails, including but not limited to variations in tone, phrasing, terminology, or messaging approach; (b) RevBridge does not guarantee that every piece of AI-generated content will be fully compliant with Customer's Brand Guardrails at all times; (c) it is Customer's responsibility to review and monitor AI-generated content through the tools and previews available in the Dashboard, and to promptly notify RevBridge of any material deviations or concerns; and (d) RevBridge shall not be liable for any harm, loss, or damage arising from AI-generated content that deviates from Customer's Brand Guardrails, except in cases of gross negligence or willful misconduct by RevBridge. AI-generated content is a core component of the Services and cannot be disabled. By using the Services, Customer expressly acknowledges and consents to the use of artificial intelligence in the generation and optimization of all Message content.

2.13 Message Content Storage. By default, RevBridge does not retain copies of the final Message content delivered to End Users. If Customer wishes to access historical records of Messages sent through the Platform (including AI-generated content), Customer must explicitly opt in to Message Content Storage through the Dashboard or during onboarding. Upon opt-in, RevBridge shall store copies of delivered Message content in encrypted form for a maximum period of two (2) years from the date of delivery. After this period, stored Message content shall be permanently deleted. Customer may revoke its opt-in at any time through the Dashboard, in which case RevBridge shall cease storing new Message content and shall delete previously stored content within thirty (30) days of revocation, unless Customer requests an earlier deletion. RevBridge shall have no obligation to provide records of Message content if Customer has not opted in to Message Content Storage.

3. Registration & Account

3.1 Account Creation. To use the Services, Customer must register on the Platform by creating a Personal Account, providing accurate and complete information including the company name, authorized contact person's name, email address, and password, unless otherwise specified for a particular Service. Customer may also register using third-party authentication providers supported by the Platform (e.g., Google).

3.2 Account Responsibility. After successful registration, any actions performed using Customer's Personal Account are recognized as committed by Customer. Customer is responsible for the safety and confidentiality of its credentials and shall not disclose login information to unauthorized third parties. Customer assumes all risks associated with errors or inaccuracies in the data provided during registration.

3.3 Consent. By registering and using the Services, Customer agrees to: (a) the processing of data provided in accordance with RevBridge's Privacy Policy; and (b) receiving service-related communications from RevBridge to the email address specified during registration. Customer may opt out of marketing communications at any time.

3.4 Information Updates. In the event of a change in Customer's registration data, or in the case of unauthorized access to Customer's Personal Account, Customer shall immediately notify RevBridge at support@revbridge.ai.

4. Budget, Fees & Payment

4.1 Prepaid Budget Model. The Services operate on a prepaid budget model. Customer deposits Budget into its RevBridge account in advance and allocates Budget to one or more Campaigns. Once a Campaign is active, RevBridge consumes the allocated Budget to operate and optimize the Campaign, including but not limited to message delivery across Channels, machine learning processing, algorithmic decision-making, cloud infrastructure, token consumption, and any other resources required to maximize the probability of achieving Customer's defined Conversion goal. Budget consumption reflects the total operational cost of running the Campaign, not a per-Conversion or per-message unit price. RevBridge shall report Campaign performance metrics, including cost per Conversion, through the Dashboard. The decision to continue, pause, or stop a Campaign — and therefore to continue consuming Budget — is solely and entirely Customer's responsibility. Customer may add Budget to its account at any time.

4.2 Conversion Pricing. The cost per Conversion or other applicable pricing model shall be set forth in the applicable Insertion Order or within the Dashboard. RevBridge reserves the right to update pricing upon thirty (30) days' written notice to Customer, which shall apply to new Budget deposits made after the effective date of such update.

4.3 Budget Consumption & Reporting. RevBridge shall provide Customer with access to real-time or near-real-time reporting of Budget consumption, Conversions delivered, and Campaign performance metrics through the Dashboard. Customer acknowledges that reporting data may be subject to minor delays or adjustments.

4.4 Credit Balance & Refunds. Customer may request a refund of its Credit Balance at any time by submitting a written request to RevBridge. RevBridge shall process the refund within thirty (30) business days from receipt of the request, minus any amounts owed by Customer for Conversions already delivered or in transit. Refunds shall be made to the same payment method used for the original deposit, unless otherwise agreed.

4.5 No Minimum Commitment. Unless otherwise specified in an Insertion Order, there is no minimum spend or minimum commitment period. Customer may stop using the Services at any time and request a refund of its remaining Credit Balance pursuant to Section 4.4.

4.6 Disputed Conversions. If Customer disputes any Conversion charged against its Budget, Customer shall notify RevBridge in writing within fifteen (15) days of the charge. RevBridge shall investigate the dispute in good faith and, if the Conversion is found to be invalid (e.g., fraudulent, duplicated, or not matching the agreed Conversion definition), RevBridge shall credit the corresponding amount back to Customer's Budget.

4.7 Taxes. Unless otherwise stated, RevBridge's fees do not include any taxes, levies, duties, or similar governmental assessments of any nature, including ISS, PIS, COFINS, ICMS, or any other applicable Brazilian taxes (collectively, "Taxes"). If RevBridge is required by law to collect or pay Taxes for which Customer is responsible, such amounts shall be invoiced to and paid by Customer. RevBridge is solely responsible for taxes assessed against it based on its income, property, and employees.

4.8 Invoicing. RevBridge shall issue electronic invoices (Nota Fiscal) for all amounts received from Customer, in accordance with applicable Brazilian tax legislation.

5. Proprietary Rights

5.1 Reservation of Rights. Subject to the limited rights expressly granted hereunder, RevBridge reserves all intellectual property rights in and to the Services, the Platform, the SDK, including any improvements, enhancements, or updates thereto, and any related material provided by RevBridge. Customer retains all intellectual property rights in and to the Customer Application(s) and Customer Data.

5.2 Limited License. RevBridge grants Customer a non-exclusive, non-transferable, revocable license to access and use the Services during the term of this Agreement, solely for Customer's internal business purposes as contemplated herein. Customer shall not provide sub-licenses in relation to the Services.

5.3 Intellectual Property Restrictions. Customer shall not: (a) modify, copy, or create derivative works based on the Services, any of its features, functions, or graphics, or the SDK; (b) reverse engineer, decompile, or disassemble the Services or the SDK; or (c) alter, remove, or suppress in any manner any copyright, trademark, or other proprietary notices displayed by the Services or the SDK.

5.4 Feedback. If Customer provides any suggestions, comments, improvements, ideas, or other feedback relating to the Services ("Feedback"), Customer acknowledges and agrees that RevBridge may use such Feedback to modify or improve the Services without any obligation, payment, or restriction.

5.5 Customer Reference. RevBridge may use Customer's name and logo to identify Customer as a client of RevBridge in marketing materials, client lists on its website, and during conferences and partner negotiations, subject to Customer's consent. Customer may withdraw such consent at any time by providing written notice to RevBridge.

6. Confidentiality

6.1 Definition of Confidential Information. "Confidential Information" means all confidential and proprietary information of a party ("Disclosing Party") disclosed to the other party ("Receiving Party") that is marked as "Confidential" or "Proprietary," or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. The terms and conditions of this Agreement, all Insertion Orders, RevBridge's pricing, and Customer Data are Confidential Information. Confidential Information also includes information regarding algorithms, operation, interfaces, and components of the Services. Confidential Information shall not include information that: (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) was known to the Receiving Party prior to disclosure; (iii) was independently developed by the Receiving Party; or (iv) is received from a third party without breach of any obligation owed to the Disclosing Party.

6.2 Obligations. The Receiving Party shall use the same degree of care it uses to protect its own confidential information of like kind (but in no event less than reasonable care) to: (a) not use any Confidential Information for any purpose outside the scope of this Agreement; and (b) limit access to Confidential Information to those employees, contractors, and agents ("Representatives") who need such access for purposes consistent with this Agreement and who are bound by written confidentiality obligations no less protective than those herein. The Receiving Party shall be liable for any breach of this section by its Representatives.

6.3 Compelled Disclosure. If the Receiving Party is compelled by law or judicial order to disclose Confidential Information, it shall provide the Disclosing Party with prior notice (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure.

6.4 Remedies. If the Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information in breach of this section, the Disclosing Party shall have the right, in addition to any other remedies available, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the parties that other available remedies may be inadequate.

7. Warranties & Disclaimers

7.1 RevBridge Warranties. RevBridge represents and warrants that: (a) the functionality and overall security of the Services will not be materially decreased during the term; (b) the Services will perform substantially in accordance with the Documentation; (c) RevBridge will provide the Services in a professional and workmanlike manner consistent with generally accepted industry standards; and (d) it has all the rights and permissions necessary to grant Customer the right to use the Services.

7.2 Customer Warranties. Customer represents and warrants that: (a) it has the legal right and authority to enter into this Agreement; (b) if Customer is a company, the Terms are accepted by an authorized representative; (c) Customer Data and its use of the Services will not violate any applicable law or infringe upon the rights of any third party; (d) the credentials and data provided during registration are accurate and complete; and (e) it will comply with all applicable laws in connection with its use of the Services.

7.3 No Guarantee of Results. CUSTOMER ACKNOWLEDGES THAT REVBRIDGE DOES NOT GUARANTEE ANY SPECIFIC NUMBER OF CONVERSIONS, CONVERSION RATES, REVENUE, OR OTHER CAMPAIGN OUTCOMES. THE SERVICES ARE DESIGNED TO OPTIMIZE CAMPAIGN PERFORMANCE USING ALGORITHMIC CHANNEL SELECTION AND DELIVERY, BUT RESULTS DEPEND ON MULTIPLE FACTORS OUTSIDE OF REVBRIDGE'S CONTROL, INCLUDING CUSTOMER'S PRODUCTS, PRICING, INVENTORY, END USER BEHAVIOR, MARKET CONDITIONS, AND THE QUALITY OF CUSTOMER'S END USER DATABASE. REVBRIDGE IS NOT A PARTY TO ANY COMMERCIAL TRANSACTION BETWEEN CUSTOMER AND ITS END USERS. REVBRIDGE'S ROLE IS LIMITED TO OPTIMIZING THE DELIVERY OF MESSAGES TO MAXIMIZE THE PROBABILITY OF THE CONVERSION EVENT DEFINED BY CUSTOMER. REVBRIDGE SHALL NOT BE LIABLE FOR ANY SALES, REVENUE, OR BUSINESS OUTCOMES, NOR FOR ANY DAMAGES RESULTING FROM CAMPAIGN PERFORMANCE OR THE ABSENCE THEREOF. THE CONVERSION DEFINITION IS SET SOLELY BY CUSTOMER, AND REVBRIDGE'S OBLIGATION IS LIMITED TO OPTIMIZING TOWARD THAT DEFINED CONVERSION, REGARDLESS OF ITS COMMERCIAL VALUE TO CUSTOMER.

7.4 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED HEREIN, TO THE MAXIMUM EXTENT PERMITTED BY LAW, REVBRIDGE DISCLAIMS ANY AND ALL REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE. THE SERVICES ARE PROVIDED "AS IS" WITH RESPECT TO ANY FUNCTIONALITY NOT EXPRESSLY WARRANTED HEREIN.

8. Mutual Indemnification

8.1 Indemnification by RevBridge. Subject to Section 9, RevBridge shall defend, indemnify, and hold Customer harmless from any damages, losses, costs, and reasonable attorney fees arising from third-party claims ("Claims") alleging: (a) a breach by RevBridge of its confidentiality or data protection obligations under this Agreement; (b) gross negligence or willful misconduct by RevBridge; or (c) that the Services or the SDK infringe or misappropriate intellectual property rights of a third party. If RevBridge receives information about an infringement claim, RevBridge may in its discretion and at no cost to Customer: (i) modify the Services so that they no longer infringe, without materially decreasing functionality; (ii) obtain a license for Customer's continued use; or, if (i) and (ii) are not reasonably practicable, (iii) terminate Customer's access and refund the Credit Balance.

8.2 Indemnification by Customer. Subject to Section 9, Customer shall defend, indemnify, and hold RevBridge harmless from any Claims alleging: (a) that Customer Data infringes or misappropriates the intellectual property rights or privacy rights of a third party; (b) Customer's use of the Services in breach of this Agreement or applicable law; (c) a breach by Customer of its confidentiality obligations; (d) gross negligence or willful misconduct by Customer; or (e) a violation by Customer of any applicable Third-Party Provider terms arising from Customer's use of such provider in connection with the Services.

8.3 Procedure. The party seeking indemnification must: (a) promptly notify the indemnifying party in writing; (b) give the indemnifying party sole control of the defense and settlement (except that the indemnifying party may not settle unless it unconditionally releases the indemnified party of all liability); and (c) provide reasonable non-monetary assistance and cooperation. Failure to notify shall not relieve the indemnifying party of its obligations unless materially prejudiced thereby.

8.4 Exclusive Remedy. This Section 8 states the indemnifying party's sole liability to, and the indemnified party's exclusive remedy against, the other party for any type of Claim described herein.

9. Limitation of Liability

9.1 Limitation of Liability. TO THE EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL EXCEED THE TOTAL AMOUNT OF BUDGET DEPOSITED AND ACTUALLY CONSUMED BY CUSTOMER IN THE TWELVE (12) MONTHS PRECEDING THE INCIDENT GIVING RISE TO LIABILITY.

9.2 Exclusion of Indirect Damages. IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, LOSS OF BUSINESS OPPORTUNITIES, LOSS OF USE, LOSS OF REVENUE, LOSS OF GOODWILL, LOSS OF DATA, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND, HOWEVER CAUSED, WHETHER IN CONTRACT, TORT, OR UNDER ANY OTHER THEORY OF LIABILITY, WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS EXCLUSION SHALL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.

9.3 Exceptions. The limitations in this Section 9 shall not apply to: (a) either party's indemnification obligations under Section 8; (b) either party's breach of its confidentiality obligations under Section 6; (c) Customer's payment obligations; or (d) liability arising from gross negligence or willful misconduct.

10. Term & Termination

10.1 Term. This Agreement commences on the date Customer first accepts these Terms or accesses the Services and continues until terminated by either party in accordance with this Section.

10.2 Termination for Convenience. Either party may terminate this Agreement at any time, for any reason or no reason, without prior notice. Customer may terminate by deleting its account through the Dashboard or by providing written notice to RevBridge. RevBridge may terminate by disabling Customer's access to the Services, with or without prior notice and without obligation to provide a reason. Upon termination for convenience by Customer, RevBridge shall refund the Credit Balance in accordance with Section 4.4. Upon termination for convenience by RevBridge, RevBridge shall refund the full Credit Balance to Customer within thirty (30) business days.

10.3 Termination for Cause. Either party may terminate this Agreement immediately upon written notice if: (a) the other party materially breaches this Agreement and fails to cure such breach within thirty (30) days of written notice; or (b) the other party becomes subject to bankruptcy, insolvency, receivership, liquidation, or similar proceedings under applicable law.

10.4 Termination by RevBridge. RevBridge may terminate this Agreement immediately if Customer violates applicable law, the rights of third parties, or the provisions of this Agreement. In such case, Customer's access to the Services shall be terminated. The return of any remaining Credit Balance shall be at RevBridge's discretion and subject to the deduction of any damages incurred by RevBridge.

10.5 Automatic Termination. This Agreement shall be deemed automatically terminated if Customer has not deposited any Budget and has not performed any actions using the Services during the last twelve (12) consecutive months.

10.6 Effect of Termination. Upon termination of this Agreement: (a) Customer's access to the Services shall cease; (b) RevBridge shall refund any remaining Credit Balance in accordance with Section 4.4 (except as provided in Section 10.4), net of any amounts owed for Conversions delivered or in transit; (c) each party shall return or destroy the other party's Confidential Information upon request; and (d) RevBridge shall delete or return Customer Data in accordance with Addendum A (DPA).

10.7 Surviving Provisions. Sections 4 (to the extent of accrued obligations), 5, 6, 7, 8, 9, and 11 shall survive any termination or expiration of this Agreement.

11. General Provisions

11.1 Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.

11.2 No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.

11.3 Force Majeure. Neither party shall be liable for any failure or delay in performing its obligations under this Agreement (other than payment obligations) where such failure or delay results from circumstances beyond its reasonable control, including but not limited to acts of nature, acts of government, civil unrest, pandemic or epidemic, strikes, hosting provider or internet service provider failures, and denial of service attacks. The time for performance of obligations shall be extended proportionally to the duration of such circumstances.

11.4 Export Control and Sanctions Compliance. Customer shall comply with all applicable export control and sanctions laws. Customer shall not, directly or indirectly, use or allow access to the Services in any territory subject to comprehensive sanctions, or by any person or entity on an applicable sanctions list.

11.5 Notices. All notices under this Agreement shall be sent in writing via email. Legal notices to RevBridge shall be addressed to legal@revbridge.ai. Legal notices to Customer shall be addressed to the email associated with Customer's account or as otherwise designated by Customer. Billing-related notices shall be addressed to the relevant billing contact designated by Customer.

11.6 Waiver and Cumulative Remedies. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.

11.7 Severability. If any provision of this Agreement is found to be unenforceable by a court of competent jurisdiction, that provision shall be severed and shall not affect the validity or enforceability of the remaining provisions.

11.8 Assignment. Neither party may assign this Agreement without the prior written consent of the other party (not to be unreasonably withheld), except in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Any attempted assignment in breach of this section shall be void.

11.9 Governing Law. This Agreement shall be governed exclusively by the laws of the Federative Republic of Brazil. The courts of the Comarca de São Paulo, State of São Paulo, Brazil, shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement, and each party hereby consents to such jurisdiction and waives any objection thereto.

11.10 Consumer Protection. Nothing in this Agreement shall be construed as limiting any rights that Customer or its End Users may have under the Brazilian Consumer Protection Code (Código de Defesa do Consumidor — Law No. 8,078/1990), to the extent applicable.

11.11 Changes to Terms. RevBridge reserves the right to modify these Terms at any time. Continued use of the Services after such modifications constitutes Customer's acceptance of the updated Terms. RevBridge shall notify Customer of material changes via email or through the Dashboard.

11.12 Entire Agreement. This Agreement, together with all Insertion Orders and the Data Processing Addendum (Addendum A), constitutes the entire agreement between the parties regarding the subject matter hereof, and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral. No modification or waiver of any provision shall be effective unless in writing and signed by both parties. In the event of any conflict, the order of precedence shall be: (1) the applicable Insertion Order, (2) Addendum A (DPA), and (3) this Agreement.

11.13 Language. This Agreement is executed in English. In the event of any conflict between an English version and a translated version, the English version shall prevail.

11.14 Contact. For any questions about these Terms, Customer may contact RevBridge at support@revbridge.ai.

Addendum A — Data Processing Addendum

This Data Processing Addendum ("DPA") supplements the RevBridge Terms of Service ("Terms") and forms an integral part thereof. In case of any conflict between this DPA and the Terms, this DPA shall prevail to the extent of such conflict.

A.1 Scope and Applicability

This DPA applies to the Processing of Personal Data by RevBridge on behalf of Customer in connection with the provision of the Services. Both parties shall comply with all applicable data protection laws, including Brazil's Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018) and any regulations issued by the Autoridade Nacional de Proteção de Dados (ANPD).

A.2 Definitions

For purposes of this DPA, the following terms apply in addition to those defined in the Terms:

"Applicable Data Protection Laws" means all applicable worldwide legislation relating to data protection and privacy, including without limitation the LGPD, the EU General Data Protection Regulation (GDPR), and any other data protection laws applicable to the respective party's Processing of Personal Data under the Terms.

"Controller" (or "Controlador" under the LGPD) means the natural or legal person that determines the purposes and means of the Processing of Personal Data.

"Data Subject" means the individual to whom Personal Data relates.

"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored, or otherwise Processed by RevBridge in connection with the Services. Personal Data Breach shall not include unsuccessful attempts or activities that do not compromise the security of Personal Data.

"Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

"Processor" (or "Operador" under the LGPD) means the natural or legal person that Processes Personal Data on behalf of the Controller.

"Sub-Processor" means any Processor engaged by RevBridge or its Affiliates to assist in fulfilling its obligations with respect to the provision of the Services.

A.3 Roles of the Parties

For purposes of Applicable Data Protection Laws, Customer acts as the Controller of Personal Data, and RevBridge acts as the Processor to the extent it Processes Personal Data on behalf of Customer in connection with the Services. Where Customer itself acts as a Processor on behalf of a third-party Controller, RevBridge shall be a Sub-Processor.

A.4 Customer Responsibilities

Customer is responsible for: (a) the accuracy, quality, and legality of Customer Data and the means by which it was acquired; (b) complying with all transparency and lawfulness requirements under Applicable Data Protection Laws, including obtaining all necessary consents, authorizations, and legal bases required to collect and share End User data with RevBridge; (c) ensuring that its instructions to RevBridge regarding the Processing of Personal Data comply with applicable laws; and (d) complying with all laws applicable to any Messages or content created, sent, or managed through the Services.

A.5 RevBridge Responsibilities

A.5.1 Compliance with Instructions. RevBridge shall only Process Personal Data for the purposes of providing the Services in accordance with Customer's documented instructions as specified in the Terms and this DPA, except where otherwise required by applicable law. If RevBridge becomes aware that it cannot Process Personal Data in accordance with Customer's instructions due to a legal requirement, RevBridge will promptly notify Customer and, where necessary, cease Processing until Customer issues new lawful instructions.

A.5.2 Confidentiality. RevBridge shall ensure that any personnel authorized to Process Personal Data on its behalf are subject to appropriate confidentiality obligations.

A.5.3 Security Measures. RevBridge shall implement and maintain appropriate technical and organizational measures to protect Personal Data against any misuse or accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, as described in Annex 1 (Security Measures). RevBridge may modify its security measures provided that such modification does not result in a material degradation of protection.

A.5.4 Personal Data Breach Notification. RevBridge shall notify Customer without undue delay, and in any event within seventy-two (72) hours of becoming aware of a Personal Data Breach. Such notification shall include: (i) a description of the nature of the breach, including where possible the categories and approximate number of Data Subjects and records concerned; (ii) the name and contact details of a contact point for further information; and (iii) a description of the measures taken or proposed to address the breach. RevBridge shall cooperate with Customer in investigating and mitigating the incident and in complying with any notification obligations under Applicable Data Protection Laws.

A.5.5 Data Subject Requests. RevBridge shall make available to Customer the ability to fulfill requests by Data Subjects to exercise their rights under Applicable Data Protection Laws. If RevBridge receives a request directly from a Data Subject, RevBridge will direct the Data Subject to Customer unless prohibited by law.

A.6 Sub-Processors

A.6.1 Authorization. Customer authorizes RevBridge to engage Sub-Processors for the Processing of Personal Data in connection with the Services.

A.6.2 Sub-Processor List. RevBridge shall maintain a list of Sub-Processors available upon Customer's request.

A.6.3 New Sub-Processors. RevBridge shall notify Customer of any new Sub-Processor at least fourteen (14) calendar days before granting such Sub-Processor access to Personal Data, by updating the Sub-Processor list. Customer may object to the appointment of a new Sub-Processor on reasonable grounds relating to data protection by providing written notice within such 14-day period. If no resolution can be reached within thirty (30) days, Customer may suspend or terminate the affected Service in accordance with the Terms, without prejudice to any fees incurred prior to termination.

A.6.4 Sub-Processor Liability. RevBridge shall impose data protection obligations on Sub-Processors that provide at least the same level of protection as those in this DPA. RevBridge remains liable for any breach of this DPA caused by its Sub-Processors.

A.7 International Data Transfers

Customer acknowledges that RevBridge may Process Personal Data in jurisdictions outside of Brazil. RevBridge shall ensure that any international transfer of Personal Data complies with Applicable Data Protection Laws, including by implementing appropriate safeguards such as standard contractual clauses or other valid transfer mechanisms recognized under applicable law.

A.8 Data Retention and Deletion

Upon termination of the Agreement, or upon Customer's written request, RevBridge shall delete or return all Personal Data (including copies thereof) within thirty (30) days, except to the extent RevBridge is required by applicable law to retain such data. Following deletion, RevBridge shall confirm deletion in writing upon Customer's request.

A.9 Audit

Upon Customer's written request (no more than once per calendar year), RevBridge shall provide written responses and reasonably requested information necessary to demonstrate compliance with this DPA. If such information does not satisfy Customer's obligations under Applicable Data Protection Laws, Customer may carry out an audit at its own expense, during normal business hours, upon three (3) weeks' advance written notice with a proposed audit plan. RevBridge will cooperate in good faith to agree on a final audit plan. If a third-party auditor is used, such auditor shall execute an appropriate confidentiality agreement with RevBridge. If the requested scope is covered by an audit report issued to RevBridge by a qualified third-party auditor within the prior twelve (12) months, the scope of Customer's audit shall be reduced accordingly.

A.10 Additional Provisions for GDPR

To the extent that RevBridge Processes Personal Data subject to the GDPR on behalf of Customer: (a) the parties acknowledge that Customer is the Controller and RevBridge is the Processor; (b) if RevBridge believes that Customer's instruction infringes European data protection laws, RevBridge will inform Customer without delay; (c) RevBridge will provide reasonable assistance with data protection impact assessments and consultations with supervisory authorities to the extent required; and (d) international transfers shall be subject to appropriate Standard Contractual Clauses or other valid mechanisms under European data protection law.

Annex 1 — Security Measures

This Annex forms part of the DPA (Addendum A).

RevBridge currently observes the following security measures. RevBridge reserves the right to update these measures provided that such updates do not result in a material degradation of protection.

Access Control

Preventing Unauthorized Access. RevBridge hosts its infrastructure with reputable cloud infrastructure providers that maintain industry-standard security certifications. Physical and environmental security controls of hosting providers are audited for compliance with recognized standards (e.g., SOC 2, ISO 27001).

Authentication. The Platform implements secure authentication mechanisms. Dashboard Users must authenticate before accessing any non-public Customer Data. RevBridge enforces password policies consistent with industry standards.

Authorization. Customer Data is stored in multi-tenant systems accessible only through application interfaces. The authorization model is designed to ensure that only appropriately assigned Dashboard Users can access relevant features, data, and configurations. Authorization is validated against user permissions associated with each data set.

API Access. Public APIs may be accessed using API keys or through OAuth authorization.

Network Security

Access Controls. Network access control mechanisms are designed to prevent unauthorized traffic from reaching the Platform infrastructure, including virtual private cloud implementations, security groups, and firewall rules.

Intrusion Detection and Prevention. RevBridge implements web application firewall (WAF) solutions to protect the Platform and other internet-accessible applications from known attack patterns.

Static Code Analysis. Security reviews of code are performed to check for coding best practices and identifiable software flaws.

Penetration Testing. RevBridge engages independent third-party penetration testing firms to conduct periodic security assessments. Upon request, RevBridge will provide a summary of penetration testing results to Customer on a confidential basis.

Data Protection

In-Transit Encryption. RevBridge makes HTTPS encryption (TLS) available on all interfaces. All data transmitted between Customer and the Platform is encrypted using industry-standard protocols.

At-Rest Encryption. Customer Data stored within the Platform is encrypted at rest using industry-standard encryption technologies.

Password Storage. User passwords are stored using one-way hashing algorithms consistent with industry security practices.

Monitoring and Incident Response

Detection. RevBridge's infrastructure logs system behavior, traffic, authentication events, and application requests. Log data is aggregated and monitored for malicious, unintended, or anomalous activities.

Response and Tracking. RevBridge maintains records of known security incidents including descriptions, timelines, and resolution steps. Suspected and confirmed incidents are investigated by security and operations personnel. Notification to Customer shall be in accordance with this DPA and the Terms.

Availability and Continuity

Infrastructure Availability. RevBridge's cloud infrastructure providers use commercially reasonable efforts to ensure high availability with redundancy in power, network, and environmental controls.

Backup and Recovery. Backup and replication strategies are designed to ensure redundancy and failover protection. Customer Data is backed up to multiple durable data stores and, where feasible, replicated across multiple availability zones.

Fault Tolerance. Production systems are architected to prevent single points of failure and to support seamless failover, minimizing downtime during maintenance and updates.

Personnel Security

Access Limitation. Only a limited subset of RevBridge personnel have access to Customer Data through controlled interfaces, solely for the purposes of providing support, troubleshooting, and responding to security incidents.

Confidentiality. All RevBridge personnel with access to Customer Data are bound by confidentiality obligations and are required to comply with RevBridge's internal privacy and security policies.

RevBridge AI Ltda.

CNPJ: 62.811.394/0001-15

Rua Pais Leme, nº 215, Conjunto 1713, Pinheiros, São Paulo/SP, CEP 05424-150

Brazil