MSA

WHEREAS, Provider offers a hosted software platform delivering digital-twin visualization, 3D mapping, BlackBox AI-powered intelligence, and related services for facility management, emergency preparedness, and operational efficiency; and

WHEREAS, Customer desires to obtain access to and use such services under the terms of this Agreement;

NOW, THEREFORE, in consideration of the mutual covenants and promises contained herein, the Parties agree as follows:

1.1 Services

Provider’s hosted software platform and related services offering access to digital twins, 3D models, mapping, BlackBox AI capabilities, and associated tools, as described in one or more executed order forms, proposals, or statements of work (each a "Statement of Work," and collectively "Statements of Work").

1.2 Platform

The hosted environment operated by Provider, deployed on third-party infrastructure (including AWS) and integrated with third-party content services (including Matterport).

1.3 Customer Data

All data, images, models, documents, video, photos, annotations, and other content captured for, uploaded by, or provided on behalf of Customer to the Platform, including any metadata generated by Customer’s use of the Services.

1.4 Authorized Users

Employees, contractors, and agents of Customer (including authorized partners designated by Customer) who are permitted to access and use the Services.

1.5 Third-Party Services

Services provided by third parties integrated with or used by the Services, including but not limited to AWS (cloud hosting) and Matterport (3D capture and visualization).

1.6 BlackBox AI

Provider’s proprietary artificial intelligence and analytics layer integrated within the Platform, which processes Customer Data and facility inputs to deliver automated incident routing, advanced analytics, equipment operation management, predictive alerts, and related operational intelligence capabilities. BlackBox AI is a core component of the Services and is described further at www.arkstrategic.io/blackbox.

2.1 Grant of Access

Subject to timely payment of all applicable fees and compliance with this Agreement, Provider grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right for Authorized Users to access and use the Services during the Term solely for Customer’s internal business or operational purposes.

2.2 Restrictions

Customer shall not, and shall not permit any third party to:

• (a) reverse engineer, decompile, or disassemble the Services;
• (b) modify or create derivative works of the Services;
• (c) rent, lease, lend, sell, or sublicense the Services;
• (d) use the Services to provide services to third parties except as reasonably required for Customer’s internal operations; or
• (e) use the Services in violation of applicable law.

Provider may publish and update a separate Acceptable Use Policy ("AUP") governing acceptable use of the Services, including the BlackBox AI layer. Customer’s use of the Services is subject to the then-current AUP.

2.3 Accounts and Credentials

Customer is responsible for maintaining the confidentiality of login credentials and for all activities occurring under its accounts. Customer shall promptly notify Provider of any unauthorized access or use.

2.4 Reservation of Rights

Except for the rights expressly granted herein, all rights, title, and interest in the Services remain exclusively with Provider and its licensors.

2.5 Beta Features

From time to time, Provider may invite Customer to try features identified as "Beta" or "Pilot." Such features are provided "as is" without warranty and may be modified or discontinued at any time.

2.6 API and Integration Terms

Where Provider makes application programming interfaces (APIs), webhooks, or integration endpoints available for the Services, including BlackBox AI, Customer’s use of them is subject to Provider’s published technical documentation, versioning, and rate limits. Provider will use commercially reasonable efforts to give advance notice before materially changing or deprecating a versioned API. Provider is not responsible for Customer-built integrations, automations, or downstream systems that rely on Service or BlackBox AI output data, and Customer is responsible for testing and maintaining such integrations.

3.1 Target Availability

Provider will use commercially reasonable efforts to make the core Platform (excluding Third-Party Services) available at least 99.5% of the time, measured monthly, excluding scheduled maintenance and downtime caused by (a) Third-Party Services, (b) force-majeure events, (c) Customer’s actions, or (d) internet failures beyond Provider’s control.

3.2 Reliance on Third-Party Services

Customer acknowledges that the Platform relies on Third-Party Services such as AWS and Matterport. Provider does not control and is not responsible for outages or degradations from such services but will use reasonable efforts to monitor, communicate, and mitigate issues when feasible.

3.3 Scheduled Maintenance

Provider may perform maintenance outside typical business hours where practicable and will provide advance notice of any expected material downtime.

3.4 Incident Response

In the event of an outage or material degradation, Provider will promptly investigate, coordinate with relevant third-party providers, and restore availability as soon as reasonably possible.

3.5 Service Credits

If monthly uptime falls below 99.5% for reasons within Provider’s control, Customer may request a service credit equal to 5% of the monthly fee for each full percentage point below target uptime, up to 20% per month.

3.6 Disaster Recovery and Business Continuity

Provider maintains a documented disaster recovery and business continuity plan designed to restore the Platform following a significant disruption, with defined recovery time and recovery point objectives. A summary of the plan is available to Customer upon written request.

4.1 Fees

Customer shall pay the fees specified in the applicable Statement of Work(s), which may include implementation fees, subscription fees, and other agreed charges.

4.2 Invoicing and Payment Terms

Fees are invoiced on the cadence specified in the applicable Statement of Work (which may be monthly, annual, or multi-year); absent a specified cadence, fees are invoiced annually in advance. Invoices are due within thirty (30) days of the invoice date. Late payments accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law.

4.3 Taxes

Fees are exclusive of taxes. Customer is responsible for all applicable taxes other than Provider’s income taxes.

4.4 Disputed Amounts

Customer must notify Provider in writing of any disputed charges within thirty (30) days of invoice receipt. Undisputed amounts remain payable as scheduled.

4.5 Non-Appropriation

If Customer’s governing body fails to appropriate funds for any renewal term, Customer may terminate this Agreement at the end of the current fiscal year with sixty (60) days’ written notice.

5.1 Ownership of Services

Provider and its licensors retain all rights, title, and interest in and to the Services, Platform, BlackBox AI, and all related intellectual property.

5.2 Ownership of Customer Data

Customer retains all rights, title, and interest in its Customer Data. Nothing in this Agreement transfers ownership of Customer Data to the Provider.

5.3 License to Customer Data

Customer grants Provider a limited, non-exclusive, royalty-free license to host, process, store, transmit, display, and otherwise use Customer Data solely as necessary to provide and support the Services and improve performance and reliability. Customer acknowledges that BlackBox AI processes Customer Data as part of the Services to generate automated decisions, alerts, health scoring, and operational intelligence. Such processing is performed solely to deliver the Services to Customer and does not grant Provider any ownership rights in Customer Data or outputs derived exclusively from Customer Data. Provider may create aggregated, de-identified data that does not identify Customer, which Provider may use for analytics and service improvement.

5.4 Feedback

Provider may use any feedback or suggestions from Customer without obligation, provided it does not identify Customer or disclose Customer Data.

5.5 No Data Mining

Provider shall not use Customer Data for unrelated commercial purposes, including AI training or data mining beyond the scope of service improvement. For clarity, BlackBox AI’s processing of Customer Data is limited to delivering and improving the Services and shall not be used to train models for deployment to unrelated third parties or for purposes outside the scope of this Agreement.

6.1 Security Program

Provider will maintain administrative, physical, and technical safeguards designed to protect Customer Data from unauthorized access, disclosure, or loss, consistent with industry-standard practices.

6.2 Data Breach Notification

In the event of confirmed unauthorized access to Customer Data within Provider’s systems, Provider will:

• (a) notify Customer within seventy-two (72) hours of confirming unauthorized access to Customer Data,
• (b) provide available information about the nature and scope of the incident, and
• (c) take reasonable steps to mitigate and prevent recurrence.

6.3 Data Location

Customer Data will be stored in data centers hosted by third-party infrastructure providers, within the United States, subject to those providers’ policies.

6.4 Subprocessors

Provider may use subprocessors to perform hosting or support functions and remains responsible for their compliance with this Agreement. Provider will notify Customer at least thirty (30) days before adding or replacing a subprocessor that will process Customer Data, including any change in the third-party AI inference providers used by BlackBox AI. The current list of subprocessors, including AI model vendors, is available upon request.

6.5 Student Data Privacy (FERPA and COPPA)

Where Customer is an educational institution or otherwise provides data subject to the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), or applicable state student-data-privacy laws: (a) any student data within Customer Data remains owned and controlled by Customer; (b) Provider acts as a "school official" with a legitimate educational interest under FERPA, processing student data solely to provide the Services and under Customer’s direction; (c) Provider will not use student data, including through BlackBox AI, for advertising, marketing, or to build a profile of a student except as needed to provide the Services; and (d) Provider will execute Customer’s standard Student Data Privacy Agreement where required prior to processing student data.

6.6 Automated Decision-Making and Explainability

BlackBox AI outputs — including automated incident routing, predictive alerts, health scoring, and analytics — are advisory and informational only and do not replace human judgment. Customer and its authorized personnel retain the right to review, override, or disregard any BlackBox AI output. Upon Customer’s written request, Provider will provide reasonable documentation describing the categories of data inputs and the general logic used by BlackBox AI to generate such outputs, subject to Provider’s confidentiality and intellectual-property rights.

6.7 Security Audits and Reports

In lieu of on-site audit rights, Provider will, upon Customer’s written request no more than once per year, provide its most recent SOC 2 Type II report (or a substantially equivalent third-party security assessment) covering the Platform, subject to confidentiality obligations.

7.1 Standard Support

Provider will provide email or remote support during normal business hours for questions regarding access, configuration, or use of the Services.

7.2 Training

Training for staff or administrators will be provided as set forth in the applicable Statement of Work.

7.3 Response Times

Provider will use commercially reasonable efforts to meet the following response targets based on issue severity, including failures of the BlackBox AI layer such as missed automated alerts or incident-routing errors during an active incident:

• P1 — Critical, including a BlackBox AI failure during an active incident: two (2) hour acknowledgment and eight (8) hour target resolution.
• P2 — Significant degradation: four (4) hour acknowledgment and two (2) business-day target resolution.
• P3 — General questions and requests: one (1) business-day acknowledgment and resolution on a best-efforts basis.

8.1 Term

This Agreement commences on the Effective Date and continues for the subscription period in the applicable Statement of Work ("Initial Term"). It renews automatically for additional terms ("Renewal Terms") unless either Party provides written notice of non-renewal at least sixty (60) days before the end of the current term.

8.2 Termination for Cause

Either Party may terminate this Agreement if the other Party materially breaches and fails to cure such breach within thirty (30) days after written notice, or if the other Party becomes insolvent or ceases operations.

8.3 Termination for Convenience (Public Customers)

Customer may terminate this Agreement, in whole or in part, for convenience with sixty (60) days’ written notice. Customer shall pay for all Services performed up to the effective termination date.

8.4 Effect of Termination

Upon termination, Customer’s access to the Services will cease. Upon written request within thirty (30) days (sixty (60) days for enterprise accounts), Provider will deliver Customer Data in a commercially reasonable, machine-readable format such as JSON or CSV. After such period, Provider may delete Customer Data subject to any retention obligations.

8.5 Survival

Sections 4–6, 9–14 shall survive any termination or expiration of this Agreement.

9.1 Mutual Warranties

Each Party represents that it has full power and authority to enter into and perform this Agreement.

9.2 Service Warranty

Provider warrants that the Services will materially conform to documentation and will be provided in a professional and workmanlike manner.

9.3 Disclaimer

EXCEPT AS EXPRESSLY PROVIDED, THE SERVICES ARE PROVIDED "AS IS." PROVIDER DISCLAIMS ALL OTHER WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. PROVIDER MAKES NO WARRANTY REGARDING THIRD-PARTY SERVICES, BLACKBOX AI OUTPUTS, OR UNINTERRUPTED OPERATION.

10.1 By Provider

Provider will defend and indemnify Customer from third-party claims alleging that authorized use of the Services infringes any U.S. patent, copyright, or trademark, or misappropriates a trade secret, excluding claims arising from (a) Customer Data, (b) modifications not made by Provider, (c) combination with non-Provider products, or (d) misuse.

10.2 By Customer

Customer will defend and indemnify Provider from third-party claims arising from Customer’s misuse of the Services or violation of law.

10.3 Conditions

The indemnified Party must promptly notify the indemnifying Party of any claim, grant control of the defense, and provide reasonable cooperation.

11.1 Exclusion of Certain Damages

NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS OR DATA, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.2 Cap on Liability

EXCEPT FOR PAYMENT OBLIGATIONS, INDEMNIFICATION, GROSS NEGLIGENCE, WILLFUL MISCONDUCT, FRAUD, OR A PARTY’S BREACH OF ITS CONFIDENTIALITY OR DATA-SECURITY OBLIGATIONS, EACH PARTY’S TOTAL LIABILITY SHALL NOT EXCEED THE AMOUNTS PAID BY CUSTOMER TO PROVIDER IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

11.3 Critical Incident Use; No Liability for Tactical or Life-Safety Outcomes

Customer acknowledges that the Services, including BlackBox AI, are informational and visualization tools only and do not constitute emergency command, tactical direction, safety instructions, or professional advice for law enforcement, fire, EMS, or any other first responder agency. BlackBox AI outputs — including automated routing decisions, predictive alerts, and analytics — are provided for informational purposes and do not replace human judgment or incident command systems. All decisions regarding deployment, tactics, entry, evacuation, use of force, or any other operational response remain solely with Customer and its authorized personnel and partners.

To the maximum extent permitted by applicable law:

• Customer remains fully and exclusively responsible for how the Services are used before, during, and after any incident, drill, or emergency response; and
• Ark Strategic shall have no liability for any personal injury, loss of life, property damage, or other harm or damages of any kind that arise out of or relate to:
• (a) tactical, operational, or safety decisions made by Customer or any first responder;
• (b) any delay, error, omission, or inaccuracy in data, visualizations, or BlackBox AI outputs displayed in the Services; or
• (c) reliance on the Services in connection with actual or simulated critical incidents.

For clarity, no feature of the Services, including BlackBox AI, is intended to replace incident command systems, standard operating procedures, or professional judgment, and Customer agrees not to represent the Services as such to its staff or partners.

12.1 Definition

"Confidential Information" means all non-public information disclosed by one Party to the other, including business, technology, security information, and proprietary AI components including BlackBox AI. Customer Data is deemed Confidential Information of Customer.

12.2 Obligations

Each Party will protect Confidential Information using at least reasonable care, use it only for performance under this Agreement, and not disclose it to any third party except those bound by comparable obligations.

12.3 Exceptions

Confidential Information does not include information that is (a) public, (b) already known without restriction, (c) independently developed, or (d) lawfully obtained from a third party.

12.4 Compelled Disclosure

A Party may disclose Confidential Information if required by law, provided it gives prompt notice (where legally permitted) and cooperates to limit disclosure.

12.5 Duration

Confidentiality obligations survive for three (3) years after termination, except for Customer Data and trade secrets, which remain confidential indefinitely.

Provider may list Customer’s name and logo in general customer listings and marketing materials, subject to Customer’s brand guidelines. Any detailed case study, press release, or public reference to a specific project requires prior written consent.

14.1 Independent Contractors

The Parties are independent contractors. Nothing herein creates a partnership, joint venture, or agency relationship.

14.2 Assignment

Customer may not assign this Agreement without Provider’s prior written consent, except to a governmental successor. Provider may assign in connection with a merger or sale of assets.

14.3 Governing Law and Venue

This Agreement is governed by the laws of the State of Wyoming, without regard to conflict-of-law principles. The exclusive venue for disputes shall be the state or federal courts located in Sheridan County, Wyoming.

14.4 Notices

All notices must be in writing and delivered by hand, certified mail, or recognized courier to the addresses below (or as updated in writing):

For Provider: Ark Strategic, Inc., Attn: G. Sean Cassidy, 200 S. Andrews Ave, Suite 502-1002, Fort Lauderdale, FL 33301. Email: gsean@arkstrategic.io

For Customer: as set forth in the applicable Statement of Work or order form.

14.5 Entire Agreement; Order of Precedence

This Agreement and any Statements of Work constitute the entire agreement between the Parties. In case of conflict, the applicable Statement of Work controls, followed by this Agreement.

14.6 Amendments

Amendments must be in writing and signed by both Parties.

14.7 Severability

If any provision is held invalid, the remainder remains in effect.

14.8 Waiver

Failure to enforce any provision shall not constitute a waiver.

14.9 Force Majeure

Neither Party shall be liable for delays or failures due to causes beyond its reasonable control.

14.10 Counterparts; Electronic Signatures

This Agreement may be executed in counterparts, including electronic or DocuSign signatures, each deemed an original.

14.11 No Third-Party Beneficiaries

No person other than the Parties shall have any rights or remedies under this Agreement.