Legal center

Terms and Conditions.

The current graph8 agreements, versioned and readable in one place: cloud service, privacy, data processing, SMS, calling, CIENCE services, talent, agency, and marketplace terms.

graph8 legal stack Latest: v2.4.0
2.4.0 Cloud Service Agreement Effective June 8, 2026
2.4.0 Data Processing Agreement Effective June 8, 2026
2.4.0 Privacy Policy Effective June 8, 2026
2.3.0 SMS Terms and Conditions Effective June 6, 2026
2.3.0 Calling and Recording Terms Effective June 6, 2026
Change Log

This update documents how graph8 handles email opt-outs and suppression. Every commercial email carries a one-click unsubscribe (List-Unsubscribe and List-Unsubscribe-Post headers), opt-outs are recorded in an account-wide suppression registry checked against future sends, hard bounces and spam complaints are suppressed automatically, and suppression records may be retained after deletion or termination so opted-out recipients are not contacted again. These tools are designed to support each customer's compliance obligations and do not replace the customer's own responsibility for lawful sending.

Nine legal documents Cloud Service Agreement Data Processing Agreement Privacy Policy SMS Terms and Conditions Calling and Recording Terms CIENCE Services Addendum Talent Participation Agreement Agency Participation Agreement Marketplace Terms & Conditions
01 / Legal documents

Navigate every current agreement.

The controls mirror the original legal viewer: pick a document, scan its table of contents, or open the versioned change log.

Enterprise Legal Package

Download the latest reference documents, or review the full enterprise legal package in the graph8 legal review center.

2.4.0

Cloud Service Agreement

Last UpdatedJune 8, 2026 Effective DateJune 8, 2026
Table of Contents
1. Service2. Access and Use of Data Products3. Restrictions & Obligations4. Privacy & Security5. Payment & Taxes6. Term & Termination7. Representations & Warranties8. Disclaimer of Warranties9. Limitation of Liability10. Indemnification11. Confidentiality12. Reservation of Rights13. General Terms14. Definitions

1. Service

1.1 Access and Use. During the Subscription Period and subject to the terms of this Agreement, Customer may (a) access and use the Cloud Service; and (b) copy and use the included Software and Documentation only as needed to access and use the Cloud Service, in each case, for its internal business purposes. If a Customer Affiliate enters a separate Order Form with Provider, the Customer's Affiliate creates a separate agreement between Provider and that Affiliate, where Provider's responsibility to the Affiliate is individual and separate from Customer and Customer is not responsible for its Affiliates' agreement.

1.2 Support. During the Subscription Period, Provider will provide Technical Support as described in the Order Form.

1.3 User Accounts. Customer is responsible for all actions on Users' accounts and for all Users' compliance with this Agreement. Customer and Users must protect the confidentiality of their passwords and login credentials. Customer will promptly notify Provider if it suspects or knows of any fraudulent activity with its accounts, passwords, or credentials, or if they become compromised.

1.4 Feedback and Usage Data. Customer may, but is not required to, give Provider Feedback, in which case Customer gives Feedback "AS IS". Provider may use all Feedback freely without any restriction or obligation. In addition, Provider may collect and analyze Usage Data, and Provider may freely use Usage Data to maintain, improve, enhance, and promote Provider's products and services without restriction or obligation. However, Provider may only disclose Usage Data to others if the Usage Data is aggregated and does not identify Customer or Users.

1.5 Customer Content. Provider may copy, display, modify, and use Customer Content only as needed to provide and maintain the Product and related offerings. Customer is responsible for the accuracy and content of Customer Content.

1.6 AI Features and Machine Learning. The Service includes features powered by artificial intelligence and machine learning ("AI Features"). The following terms govern their use.

1.6.1 Training on Aggregated Data. Usage Data and Customer Content may be used to develop, train, or enhance artificial intelligence or machine learning models that are part of Provider's products and services, including third-party components of the Product, and Customer authorizes Provider to process its Usage Data and Customer Content for such purposes. Provider will (a) aggregate Usage Data and Customer Content before use for model training, and (b) use commercially reasonable efforts consistent with industry-standard technology to de-identify Usage Data and Customer Content before such use. Nothing in this section reduces or limits Provider's obligations regarding Personal Data under Applicable Data Protection Laws.

1.6.2 AI Output Disclaimer. AI Features are provided "AS IS" for the purpose of AI-generated outputs. Provider makes no warranty, express or implied, that AI-generated outputs will be accurate, complete, current, non-infringing, fit for any particular purpose, or free from errors, omissions, or fabricated content (commonly referred to as "hallucinations"). AI Features are not a substitute for human review, professional advice, or Customer's independent judgment. The limitations in this Section 1.6.2 are in addition to, and not in limitation of, the disclaimer in Section 8 (Disclaimer of Warranties).

1.6.3 Ownership of AI Outputs. As between the parties, Customer owns all inputs it submits to AI Features ("AI Inputs") and all outputs generated by AI Features in response to those inputs ("AI Outputs"), subject to Provider's underlying intellectual property rights in the AI Features themselves. Provider's rights in AI Outputs are limited to those needed to provide and maintain the Service as described in Section 1.5 (Customer Content).

1.6.4 Customer Responsibility for AI Outputs. Customer is solely responsible for reviewing AI Outputs before using them, sending them to third parties, incorporating them into Customer's materials, or relying on them for any business decision. Customer's use of AI Outputs is at Customer's own risk. Customer's indemnification obligations in Section 10 (Indemnification) extend to any claim arising from Customer's deployment or distribution of AI Outputs without adequate human review.

1.6.5 Third-Party AI Model Providers. Provider uses the following third-party AI model providers as subprocessors to power AI Features: OpenAI, L.L.C. (USA); Anthropic, PBC (USA); and Google LLC (USA). Provider uses these providers via commercial API tiers that, under Provider's agreements with those providers, do not permit the provider to use Customer Data to train their respective foundation models. Provider may add, remove, or substitute AI model providers in accordance with the subprocessor update process described in the applicable Data Processing Agreement.

1.6.6 Autonomous AI Agents. Certain AI Features operate as autonomous or semi-autonomous agents ("AI Agents") that may take sequences of actions, send messages, query data sources, or interact with third-party services on Customer's behalf, based on instructions and permissions Customer configures ("Customer-Configured Actions"). Customer acknowledges that (a) AI Agents act on Customer's behalf in accordance with Customer-Configured Actions; (b) Customer is solely responsible for the instructions, permissions, and scope it grants to AI Agents; (c) Customer is solely responsible for the consequences of actions taken by AI Agents within the scope of Customer-Configured Actions; and (d) Customer must ensure AI Agent use complies with Applicable Laws and the Acceptable Use obligations in Section 3.4 (Acceptable Use of AI Features and Outbound Communications).

2. Access and Use of Data Products

2.1 Grant of License. Provider grants Customer a non-exclusive, non-transferable right to access and use the B2B Contact Data, Intent Data, and Website Visitor Identification Data (collectively, "Data Products") solely for Customer's internal business purposes during the Subscription Period.

2.2 Permitted Uses. a) Customer may use the Data Products for marketing, sales, and other business activities as explicitly permitted by this Agreement. b) Customer is not allowed to resell the Data Products or provide the Data Products to third parties.

2.3 Prohibited Uses. Customer shall not sell, rent, lease, sublicense, distribute, or otherwise provide the Data Products to any third party. Reselling of data in any form is strictly prohibited.

2.4 Compliance with Data Protection Laws. a) Customer must comply with all applicable data protection laws and regulations in relation to the use of the Data Products, including obtaining necessary consents from individuals where required. b) Customer is required to follow GDPR regulations, and in the US, CCPA and other required regulations on a federal and state level.

2.5 Data Security and Confidentiality. a) Customer shall implement appropriate technical and organizational measures to protect the Data Products against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure. b) Data should only be exported to authorized and vetted third-party connections, including Snowflake and other data pipeline providers. Customer should check with Provider for approved vendors. c) Customer shall maintain the confidentiality of the Data Products and shall not disclose them to any third party except as necessary for its permitted use under this Agreement.

2.6 Website Visitor Identification Data. Customer shall not sell, rent, lease, sublicense, distribute, or otherwise provide the Data Products to any third party. Reselling of data in any form is strictly prohibited.

2.7 Prohibited Uses. a) Customer may use Provider's scripts on its website to collect metadata and cookie data from site visitors for the purpose of identifying anonymous site visitors. b) Customer must ensure that its use of scripts and the collection of metadata and cookie data complies with its own website privacy policies and applicable data protection laws. c) The data collected through Provider's scripts may be used by Customer to identify and analyze anonymous site visitors for marketing and sales purposes as permitted by this Agreement.

2.8 Mutual Indemnification for Data Product Use. a) Provider Indemnity. Provider shall indemnify, defend, and hold Customer harmless from any third-party claims, damages, or losses arising from a breach of data protection laws or misuse of the Data Products, in either case, resulting from Provider's performance of the CIENCE Services (as defined in the CIENCE Services Addendum) on Customer's behalf. b) Customer Indemnity. Customer shall indemnify, defend, and hold Provider harmless from any third-party claims, damages, or losses arising from a breach of data protection laws or misuse of the Data Products, in either case, resulting from Customer's use of the Data Products that is separate and independent from the CIENCE Services performed by Provider. c) Clarification. This Section 2.8 governs the specific use of "Data Products". The parties' general mutual indemnification obligations (for intellectual property infringement, etc.) are governed by Section 10.

2.9 Termination and Data Return. Upon expiration or termination of the Agreement, Customer will: (a) cease all use of the Data Products and, upon request, return or destroy all copies of the Data Products in its possession; provided, however, that Customer may retain and perpetually use any B2B Contact Data or Website Visitor Identification Data that was (i) identified and used for a specific campaign, (ii) for which any applicable Fees or credits were paid by Customer, and (iii) exported to Customer's data warehouse instance as part of the Services.

2.10 Third-Party and Enrichment Data.

2.10.1 Third-Party Sources. Certain data made available through the Service, including B2B Contact Data, Intent Data, and Website Visitor Identification Data (collectively, "Third-Party Data"), is sourced in whole or in part from third-party data providers. Provider does not independently verify Third-Party Data and provides it to Customer "AS IS" and "AS AVAILABLE" without warranty of accuracy, completeness, currentness, fitness for a particular purpose, or lawful origin. The disclaimers in Section 8 (Disclaimer of Warranties) apply in full to Third-Party Data.

2.10.2 Customer Responsibility for Lawful Use. Customer is solely responsible for evaluating the accuracy and suitability of Third-Party Data before acting on it and for ensuring that Customer's receipt, storage, use, and processing of Third-Party Data complies with all Applicable Laws, including Applicable Data Protection Laws. Customer's representations in Section 3.4.1 (Lawful Basis and Consent) apply to any Third-Party Data Customer uses to initiate outbound communications.

2.10.3 No Data Vendor Warranties Pass Through. Any warranties, representations, or indemnities that Provider may hold from its data suppliers are for Provider's benefit only and do not run to, or create any rights for, Customer unless expressly stated in an addendum signed by Provider.

3. Restrictions & Obligations

3.1 Restrictions on Customer. Except as expressly permitted by this Agreement, Customer will not (and will not allow anyone else to): (i) reverse engineer, decompile, or attempt to discover any source code or underlying ideas or algorithms of the Product (except to the extent Applicable Laws prohibit this restriction); (ii) provide, sell, transfer, sublicense, lend, distribute, rent, or otherwise allow others to access or use the Product; (iii) remove any proprietary notices or labels; (iv) copy, modify, or create derivative works of the Product; (v) conduct security or vulnerability tests on, interfere with the operation of, cause performance degradation of, or circumvent access restrictions of the Product; (vi) access accounts, information, data, or portions of the Product to which Customer does not have explicit authorization; (vii) use the Product to develop a competing service or product; (viii) use the Product with any High Risk Activities or with any activity prohibited by Applicable Laws; (ix) use the Product to obtain unauthorized access to anyone else's networks or equipment; or (x) upload, submit, or otherwise make available to the Product any Customer Content to which Customer and Users do not have the proper rights.

3.2 Use of the Product must comply with all Documentation and Use Limitations.

3.3 Suspension. If Customer (a) has an outstanding, undisputed balance on its account for more than 30 days; (b) breaches Section 3.1 (Restrictions on Customer); or (c) uses the Product in violation of the Agreement or in a way that materially and negatively impacts the Product or others, then Provider may temporarily suspend Customer's access to the Product with or without notice. However, Provider will try to inform Customer before suspending Customer's account when practical. Provider will reinstate Customer's access to the Product only if Customer resolves the underlying issue.

3.4 Acceptable Use of AI Features and Outbound Communications.

3.4.1 Lawful Basis and Consent. Customer represents and warrants that, before loading prospect data into the Service or using the Service to initiate communications with any individual, Customer has (a) a lawful basis under all Applicable Laws (including, where required, specific prior consent) to contact that individual; (b) complied with all applicable notice and opt-out requirements; and (c) the right to provide that individual's personal data to Provider for processing in connection with the Service.

3.4.2 Outbound Communications Compliance. Customer is solely responsible for ensuring that all outbound communications initiated through the Service (including emails, voicemails, text messages, LinkedIn messages, and any other channel) comply with all Applicable Laws and applicable third-party platform rules and terms of service, including without limitation: the U.S. CAN-SPAM Act; the U.S. Telephone Consumer Protection Act (TCPA) and applicable FCC rules; applicable state telemarketing and do-not-call laws; the EU ePrivacy Directive and any national implementing laws; the GDPR (where applicable); and the terms of service of third-party platforms through which communications are sent (including LinkedIn and similar professional networks). Provider makes no representation that use of the Service satisfies any particular Applicable Law or platform rule; compliance determinations are Customer's sole responsibility.

3.4.3 Unsubscribe, Opt-Out, and Suppression. Customer will ensure that all email, sequence, campaign, newsletter, and other commercial communications sent using the Service include and honor the unsubscribe, opt-out, and suppression mechanisms required by Applicable Laws and applicable platform rules. The Service provides opt-out and suppression functionality designed to support Customer's compliance obligations, which may include one-click unsubscribe signaling (such as List-Unsubscribe and List-Unsubscribe-Post headers), unsubscribe links, suppression checks, and related tooling; the specific mechanisms available may depend on the type of send and account configuration. Customer will not remove, disable, obscure, bypass, or interfere with any unsubscribe, opt-out, or suppression functionality provided by the Service, and will promptly honor all opt-out, unsubscribe, objection, deletion, and do-not-contact requests received from recipients through any channel. When a recipient unsubscribes, opts out, bounces, submits a spam complaint, or otherwise requests removal, Provider may add the recipient or related contact information to an account-level suppression registry used to prevent further communications through the Service across current and future campaigns. Customer authorizes Provider to retain suppression records after expiration or termination of the applicable account, Order Form, or Agreement as reasonably necessary to honor opt-out requests, comply with Applicable Laws, protect deliverability, and prevent abuse. Provider's unsubscribe, opt-out, and suppression tools are designed to support Customer's compliance obligations but do not replace Customer's independent responsibility to determine the lawful basis, consent status, sender identity, message content, targeting, and legal permissibility of each communication.

3.4.4 Prohibited Outbound Uses. Customer will not, and will not permit any User or AI Agent to, use the Service to send or facilitate communications that are: (a) unlawful under any Applicable Law; (b) deceptive or fraudulent, including use of false sender identities or misleading subject lines; (c) harassing or abusive; (d) discriminatory on the basis of any characteristic protected under Applicable Laws; or (e) in violation of the terms of service of any third-party platform through which the communication is transmitted.

3.4.5 Prohibited AI Uses. In addition to the restrictions in Section 3.1, Customer will not use AI Features to: (a) generate content intended to deceive any person about the human or AI origin of the communication where disclosure is required by Applicable Laws; (b) make automated decisions about individuals that have legally significant or similarly significant effects without implementing any human review or safeguards required by Applicable Laws; or (c) process Prohibited Data.

4. Privacy & Security

4.1 Personal Data. Before submitting Personal Data governed by GDPR, Customer must enter into a data processing agreement with Provider. If the parties have a DPA, each party will comply with its obligations in the DPA, the terms of the DPA will control each party's rights and obligations as to Personal Data, and the terms of the DPA will control in the event of any conflict with this Agreement.

4.2 Prohibited Data. Customer will not (and will not allow anyone else to) submit Prohibited Data to the Product unless authorized by the Order Form or Key Terms.

5. Payment & Taxes

5.1 Fees. Unless the Order Form specifies a different currency, all Fees are in U.S. Dollars and are exclusive of taxes. Fees consist of two components: a) Fixed Fee: As specified in the Order Form. b) Usage-based Fees: Applicable for both voice AI solution (charged on a per-minute basis) and B2B data enrichment services (charged based on credits used). Except for the prorated refund of prepaid Fees allowed with specific termination rights given in the Agreement, Fees are non-refundable.

5.2 Fixed Fee Invoicing All Fixed Fees (including Platform Subscription, Growth Manager services, and any one-time setup fees) are due and payable in advance on the first day when signing the contract. For subsequent monthly billing periods, Platform Subscription and Growth Manager fees are invoiced monthly and due on the monthly renewal date for the next month's service period, according to the Payment Process.

5.3 Usage-based Fee Payment Options For both the voice AI solution and B2B data enrichment services, Customer may choose one of the following payment options: a) Credit Card on File: Customer provides a credit card to be charged based on usage thresholds. b) Prepaid Account: Customer prepays for usage in fixed increments.

5.4 Credit Card on File If Customer chooses the Credit Card on File option: a) Provider will automatically charge the credit card for Usage-based Fees according to the Payment Process. b) Customer authorizes all such charges. c) Provider will make a copy of Customer's bills or transaction history available to Customer. d) Customer may set usage thresholds for automatic reloading of the account.

5.5 Prepaid Account. If Customer chooses the Prepaid Account option: a) Customer must maintain a positive balance in the Prepaid Account to continue using both the voice AI solution and B2B data enrichment services. b) Customer can fund the Prepaid Account through wire transfer or credits from approved partners. c) The minimum initial prepayment amount is USD 50 or as specified in the Order Form. d) When the Prepaid Account balance reaches 10% of the initial prepayment amount, Customer will be notified to reload the account. e) If the Prepaid Account balance reaches zero, access to both the voice AI solution and B2B data enrichment services may be suspended until the account is reloaded.

5.6 Credits: Mechanics, Expiry, and Authoritative Records.

5.6.1 Nature of Credits. Credits are prepaid usage units purchased in advance by Customer and consumed on a metered basis as Customer uses the Service. Credits do not constitute a deposit, escrow, or financial instrument and carry no monetary redemption value outside the Service.

5.6.2 Consumption. Credits are deducted when Customer initiates a metered action (including data enrichment, voice AI minutes, AI agent actions, and any other metered feature). The number of credits required for each action is displayed to Customer in the user interface at or before the time of the action. For B2B data enrichment services, credits can be applied to any enrichment provider available on the Service. Provider's metering systems and transaction records are authoritative for purposes of determining credit consumption and account balances, absent manifest error. If Customer believes a credit deduction is in error, Customer must notify Provider within 10 business days of the deduction, after which the deduction is deemed accepted.

5.6.3 Non-Refundability. Except as expressly set out in Section 6.4 (Force Majeure) or a written Order Form, credits are non-refundable and have no cash value upon termination or expiry of the Agreement.

5.6.4 Expiry. Credits expire as set out in the Order Form. If the Order Form does not specify an expiry date, credits expire 12 months from the date of purchase. Expired credits are forfeited without refund.

5.6.5 Price and Rate Changes. Provider may change credit prices, credit conversion rates, or the number of credits required per action on not less than 30 days written notice to Customer. Continued use of the Service after the notice period constitutes acceptance of the updated rates. Changes do not affect credits Customer has already purchased, but do apply to new purchases and to ongoing metered consumption after the effective date.

5.6.6 Payment Processor. Payment for credits and Fees is processed by Stripe, Inc. as Provider's payment processor. By submitting payment information, Customer agrees to Stripe's then-current terms of service and privacy policy. Provider does not store Customer's full payment card details.

5.6.7 Taxes. All credits and Fees are exclusive of taxes. Customer is responsible for all sales, use, VAT, GST, withholding, and other taxes imposed on credit purchases and Fee payments, except for Provider's income taxes. Where Provider is legally required to collect tax, Provider will add it to the invoice and Customer will pay it.

5.6.8 Account Dashboard. Credit usage, voice AI usage, and account balance are viewable in Customer's account dashboard. Third-party tool charges appear as separate line items in the credit ledger as described in Section 5.7.6.

5.7 Third-Party Tools, Credit Conversion, and Billing

5.7.1 Use of Third-Party Services. As part of delivering Services (including but not limited to SDR services, data enrichment, sales outreach, prospecting, or campaign execution), Provider and its affiliated CIENCE delivery teams may use third-party platforms, tools, or data providers ("Third-Party Tools"). These may include, but are not limited to: (a) contact enrichment services (e.g., Clay, Apollo, MixRank, Clearbit), (b) LLM-powered enrichment or token-based processing, and (c) seat-based tools such as LinkedIn Sales Navigator, HeyReach, or other outreach or data platforms.

5.7.2 Client Responsibility for Third-Party Charges. When Third-Party Tools are used on behalf of Customer, Customer agrees to be responsible for the associated fees. Provider will pass through these costs to Customer as credit-based line items within the graph8 platform.

5.7.3 Conversion of Third-Party Costs Into Credits: Enrichment-Based Usage (Variable Costs). For usage-based or consumption-based Third-Party Tools (including LLM token costs, per-lookup enrichment, and variable API calls), fees will be converted into graph8 credits using the following formula:

Credits Charged = (Third-Party Cost ร— 1.3) รท Credit Conversion Rate

Provider applies a 30% margin to enrichment-based costs to account for processing and delivery overhead.

5.7.4 Conversion of Third-Party Costs Into Credits: Seat-Based Tools (Fixed Monthly Costs). For monthly or per-seat Third-Party Tools used on behalf of Customer, Provider will convert the vendor's public list price into credits at the standard Credit Conversion Rate. No margin is added to seat-based tools.

5.7.5 Credit Conversion Rate. For the purposes of this Agreement, credits are valued based on Customer's current subscription plan. Unless otherwise specified, the standard Credit Conversion Rate is defined as: 1 credit = Total Subscription Fee / Total Monthly Credits Provided. Example (Platform Plan): $499 / 75,000 credits.

5.7.6 Billing and Line-Item Visibility. All Third-Party Tool charges will appear as separate line items in Customer's monthly credit ledger and billing statement. Each line item will include: (a) the name of the Third-Party Tool, (b) the underlying USD cost (for transparency), (c) the number of credits deducted, and (d) whether a margin was applied (enrichment only).

5.7.7 Credit Deduction Timing. (a) Enrichment usage will be deducted upon completion of enrichment or API processing. (b) Seat-based tools will be deducted on the first day of each month for the upcoming billing period. (c) Additional charges may apply if multiple seats are required for Customer operations.

5.7.8 Client Authorization. By using the Product and the associated CIENCE services, Customer expressly authorizes Provider to procure and utilize Third-Party Tools as needed to perform the agreed-upon services and to convert such costs into credits for billing. All converted charges will be governed by the formulas and structure described above.

5.7.9 Client Disputes. Customer may request clarification for any Third-Party Tool charge within 10 business days of the billing period. After this period, charges are considered accepted.

5.7.10 Changes to Third-Party Rates. Vendor prices for Third-Party Tools may change. Provider may adjust the credit conversion accordingly without prior notice, provided the adjustment reflects the updated vendor list price or usage cost.

5.8 Taxes. Customer is responsible for all duties, taxes, and levies that apply to Fees, including sales, use, VAT, GST, or withholding, that Provider itemizes and includes in an invoice. However, Customer is not responsible for Provider's income taxes.

5.9 Payment Customer will pay Provider Fees and taxes in U.S. Dollars, unless the Order Form specifies a different currency, according to the Payment Process.

5.10 Payment Dispute. If Customer has a good-faith disagreement about the Fees charged or invoiced, Customer must notify Provider about the dispute before payment is due, or within 30 days of an automatic payment, and must pay all undisputed amounts on time. The parties will work together to resolve the dispute within 15 days. If no resolution is agreed, each party may pursue any remedies available under the Agreement or Applicable Laws.

6. Term & Termination

6.1 Order Form and Agreement. For each Order Form, the Agreement will start on the Order Date, continue through the Subscription Period, and automatically renew for additional Subscription Periods unless one party gives notice of non-renewal to the other party before the Non-Renewal Notice Date.

6.2 Framework Terms. These Framework Terms will start on the Effective Date and continue for the longer of one year or until all Order Forms governed by the Framework Terms have ended.

6.3 Termination. Either party may terminate the Framework Terms or an Order Form immediately: a) if the other party fails to cure a material breach of the Framework Terms or an Order Form following 30 days notice; b) upon notice if the other party (i) materially breaches the Framework Terms or an Order Form in a manner that cannot be cured; (ii) dissolves or stops conducting business without a successor; (iii) makes an assignment for the benefit of creditors; or (iv) becomes the debtor in insolvency, receivership, or bankruptcy proceedings that continue for more than 60 days.

6.4 Force Majeure. Either party may terminate an affected Order Form upon notice if a Force Majeure Event prevents the Product from materially operating for 30 or more consecutive days. Provider will pay to Customer a prorated refund of any prepaid Fees for the remainder of the Subscription Period. A Force Majeure Event does not excuse Customer's obligation to pay Fees accrued prior to termination.

6.5 Effect of Termination. Termination of the Framework Terms will automatically terminate all Order Forms governed by the Framework Terms. Upon any expiration or termination: a) Customer will no longer have any right to use the Product. b) Upon Customer's request, Provider will delete Customer Content within 60 days. c) Each Recipient will return or destroy Discloser's Confidential Information in its possession or control. d) Provider will submit a final bill or invoice for all outstanding Fees accrued before termination and Customer will pay the invoice according to Section 5 (Payment & Taxes).

6.6 Survival. a) The following sections will survive expiration or termination of the Agreement: Section 1.4 (Feedback and Usage Data), Section 1.6 (Machine Learning), Section 3.1 (Restrictions on Customer), Section 5 (Payment & Taxes) for Fees accrued or payable before expiration or termination, Section 6.5 (Effect of Termination), Section 6.6 (Survival), Section 7 (Representations & Warranties), Section 8 (Disclaimer of Warranties), Section 9 (Limitation of Liability), Section 10 (Indemnification), Section 11 (Confidentiality), Section 12 (Reservation of Rights), Section 13 (General Terms), Section 14 (Definitions), and the portions of a Cover Page referenced by these sections. b) Each Recipient may retain Discloser's Confidential Information in accordance with its standard backup or record retention policies maintained in the ordinary course of business or as required by Applicable Laws, in which case Section 4 (Privacy & Security) and Section 11 (Confidentiality) will continue to apply to retained Confidential Information.

7. Representations & Warranties

7.1 Mutual. Each party represents and warrants to the other that: (a) it has the legal power and authority to enter into this Agreement; (b) it is duly organized, validly existing, and in good standing under the Applicable Laws of the jurisdiction of its origin; (c) it will comply with all Applicable Laws in performing its obligations or exercising its rights in this Agreement; and (d) it will comply with the Additional Warranties.

7.2 From Customer. Customer represents and warrants that it, all Users, and anyone submitting Customer Content each have and will continue to have all rights necessary to submit or make available Customer Content to the Product and to allow the use of Customer Content as described in the Agreement.

7.3 From Provider. Provider represents and warrants to Customer that it will not materially reduce the general functionality of the Cloud Service during the Subscription Period.

7.4 Provider Warranty Remedy. If Provider breaches the warranty in Section 7.3 (Representations & Warranties from Provider), Customer must give Provider notice (with enough detail for Provider to understand or replicate the issue) within 45 days of discovering the issue. Within 45 days of receiving sufficient details of the warranty issue, Provider will attempt to restore the general functionality of the Cloud Service. If Provider cannot resolve the issue, Customer may terminate the affected Order Form and Provider will pay to Customer a prorated refund of prepaid Fees for the remainder of the Subscription Period. Provider's restoration obligation, and Customer's termination right, are Customer's only remedies if Provider does not meet the warranty in Section 7.3 (Representations & Warranties from Provider).

8. Disclaimer of Warranties

Provider makes no guarantees that the Product will always be safe, secure, or error-free, or that it will function without disruptions, delays, or imperfections. The warranties in Section 7 (Representations & Warranties) do not apply to any misuse or unauthorized modification of the Product, nor to any product or service provided by anyone other than Provider. Except for the warranties in Section 7 (Representations & Warranties), Provider and Customer each disclaim all other warranties and conditions, whether express or implied, including the implied warranties and conditions of merchantability, fitness for a particular purpose, title, and non-infringement. These disclaimers apply to the maximum extent permitted by Applicable Laws.

8.1 AI Features Disclaimer. Without limiting the foregoing, Provider expressly disclaims any warranty that AI-generated outputs will be accurate, complete, non-infringing, or fit for any particular purpose. AI Features may produce outputs that are incorrect, outdated, biased, or otherwise unsuitable for Customer's intended use. Provider makes no warranty that AI Features will satisfy requirements of any Applicable Law, professional standard, or regulatory framework. Provider is not responsible for any harm arising from Customer's reliance on AI-generated outputs without independent verification.

8.2 Third-Party and Enrichment Data Disclaimer. Data Products and other Third-Party Data made available through the Service are provided "AS IS" and "AS AVAILABLE." Provider makes no warranty, express or implied, that Third-Party Data is accurate, complete, current, lawfully sourced, or fit for any particular purpose, including outbound prospecting, marketing, or sales. Customer bears all risk arising from its use of Third-Party Data.

9. Limitation of Liability

9.1 Liability Caps. a) General Cap Amount: Except as provided in Section 9.4 (Exceptions), each party's total cumulative liability for all claims arising out of or relating to this Agreement will be limited to 1x the fees paid by Customer to Provider over the last 12 months. b) Increased Cap Amount: For any Increased Claims, each party's total cumulative liability for all Increased Claims arising out of or relating to this Agreement will be limited to 2x the fees paid by Customer to Provider over the last 12 months.

9.2 Damages Waiver. Except as provided in Section 9.4 (Exceptions), under no circumstances will either party be liable to the other for lost profits or revenues (whether direct or indirect), or for consequential, special, indirect, exemplary, punitive, or incidental damages relating to this Agreement, even if the party is informed of the possibility of this type of damage in advance.

9.3 Applicability. The limitations and waivers contained in Sections 9.1 (Liability Caps) and 9.2 (Damages Waiver) apply to all liability, whether in tort (including negligence), contract, breach of statutory duty, or otherwise.

9.4 Exceptions. The liability cap in Section 9.1(a) does not apply to any Increased Claims. Section 9.1 (Liability Caps) does not apply to any Unlimited Claims. Section 9.2 (Damages Waiver) does not apply to any Increased Claims or a breach of Section 11 (Confidentiality). Nothing in this Agreement will limit, exclude, or restrict a party's liability to the extent prohibited by Applicable Laws.

10. Indemnification

10.1 Protection by Provider. Provider will indemnify, defend, and hold harmless Customer from and against all Provider Covered Claims made by someone other than Customer, Customer's Affiliates, or Users, and all out-of-pocket damages, awards, settlements, costs, and expenses, including reasonable attorneys' fees and other legal expenses, that arise from the Provider Covered Claims.

10.2 Protection by Customer. Customer will indemnify, defend, and hold harmless Provider from and against all Customer Covered Claims made by someone other than Provider or its Affiliates, and all out-of-pocket damages, awards, settlements, costs, and expenses, including reasonable attorneys' fees and other legal expenses, that arise from the Customer Covered Claims. Without limiting the foregoing, Customer's indemnification obligation expressly includes all claims, penalties, fines, regulatory actions, and liabilities (including reasonable attorneys' fees) arising from or relating to: (a) Customer's or any User's outbound communications sent through the Service, including claims under CAN-SPAM, TCPA, GDPR, ePrivacy laws, and applicable state or foreign equivalents; (b) Customer's violation of any third-party platform's terms of service (including LinkedIn or similar professional networks) in connection with use of the Service; (c) Customer's use of or reliance on AI-generated outputs without adequate human review; (d) AI Agent actions taken within the scope of Customer-Configured Actions; (e) Customer's use of Third-Party Data in violation of Applicable Laws; and (f) any allegation that Customer lacked a lawful basis or required consent to contact an individual using the Service.

10.3 Procedure. The Indemnifying Party's obligations in this section are contingent upon the Protected Party: (a) promptly notifying the Indemnifying Party of each Covered Claim for which it seeks protection; (b) providing reasonable assistance to the Indemnifying Party at the Indemnifying Party's expense; and (c) giving the Indemnifying Party sole control over the defense and settlement of each Covered Claim. A Protected Party may participate in a Covered Claim for which it seeks protection with its own attorneys only at its own expense. The Indemnifying Party may not agree to any settlement of a Covered Claim that contains an admission of fault or otherwise materially and adversely impacts the Protected Party without the prior written consent of the Protected Party.

10.4 Changes to Product. If required by settlement or court order, or if deemed reasonably necessary in response to a Provider Covered Claim, Provider may: (a) obtain the right for Customer to continue using the Product; (b) replace or modify the affected component of the Product without materially reducing the general functionality of the Product; or (c) if neither (a) nor (b) are reasonable, terminate the affected Order Form and issue a pro-rated refund of prepaid Fees for the remainder of the Subscription Period.

10.5 Exclusions. a) Provider's obligations as an Indemnifying Party will not apply to Provider Covered Claims that result from (i) modifications to the Product that were not authorized by Provider or that were made in compliance with Customer's instructions; (ii) unauthorized use of the Product, including use in violation of this Agreement; (iii) use of the Product in combination with items not provided by Provider; or (iv) use of an old version of the Product where a newer release would avoid the Provider Covered Claim. b) Customer's obligations as an Indemnifying Party will not apply to Customer Covered Claims that result from the unauthorized use of the Customer Content, including use in violation of this Agreement.

10.6 Exclusive Remedy. This Section 10 (Indemnification), together with any termination rights, describes each Protected Party's exclusive remedy and each Indemnifying Party's entire liability for a Covered Claim.

11. Confidentiality

11.1 Non-Use and Non-Disclosure. Except as otherwise authorized in the Agreement or as needed to fulfill its obligations or exercise its rights under this Agreement, Recipient will not (a) use Discloser's Confidential Information; nor (b) disclose Discloser's Confidential Information to anyone else. In addition, Recipient will protect Discloser's Confidential Information using at least the same protections Recipient uses for its own similar information but no less than a reasonable standard of care.

11.2 Exclusions. Confidential Information does not include information that (a) Recipient knew without any obligation of confidentiality before disclosure by Discloser; (b) is or becomes publicly known and generally available through no fault of Recipient; (c) Recipient receives under no obligation of confidentiality from someone else who is authorized to make the disclosure; or (d) Recipient independently developed without use of or reference to Discloser's Confidential Information.

11.3 Required Disclosures. Recipient may disclose Discloser's Confidential Information to the extent required by Applicable Laws if, unless prohibited by Applicable Laws, Recipient provides Discloser reasonable advance notice of the required disclosure and reasonably cooperates, at Discloser's expense, with Discloser's efforts to obtain confidential treatment for the Confidential Information.

11.4 Permitted Disclosures. Recipient may disclose Discloser's Confidential Information to Users, employees, advisors, contractors, and representatives who each have a need to know the Confidential Information, but only if the person or entity is bound by confidentiality obligations at least as protective as those in this Section 11 (Confidentiality) and Recipient remains responsible for everyone's compliance with the terms of this Section 11 (Confidentiality).

12. Reservation of Rights

Except for the limited license to copy and use Software and Documentation in Section 1.1 (Access and Use), Provider retains all right, title, and interest in and to the Product, whether developed before or after the Effective Date. Except for the limited rights in Section 1.5 (Customer Content) and 1.6 (Machine Learning), Customer retains all right, title, and interest in and to the Customer Content.

13. General Terms

13.1 Entire Agreement. This Agreement is the only agreement between the parties about its subject and this Agreement supersedes all prior or contemporaneous statements (whether in writing or not) about its subject. Provider expressly rejects any terms included in Customer's purchase order or similar document, which may only be used for accounting or administrative purposes. No terms or conditions in any Customer documentation or online vendor portal will apply to Customer's use of the Product unless expressly agreed to in a legally binding written agreement signed by an authorized Provider representative, regardless of what such terms may say.

13.2 Modifications, Severability, and Waiver. Any waiver, modification, or change to the Agreement must be in writing and signed or electronically accepted by each party. If any term of this Agreement is determined to be invalid or unenforceable by a relevant court or governing body, the remaining terms of this Agreement will remain in full force and effect. The failure of a party to enforce a term or to exercise an option or right in this Agreement will not constitute a waiver by that party of the term, option, or right.

13.3 Governing Law and Chosen Courts. This Agreement will be governed by the laws of the State of Delaware, without regard to its conflict of law principles. Any legal action or proceeding arising under this Agreement must be brought exclusively in the state or federal courts located in Delaware, and each party irrevocably submits to the exclusive jurisdiction of such courts.

13.4 Injunctive Relief. Despite Section 13.3 (Governing Law and Chosen Courts), a breach of Section 11 (Confidentiality) or the violation of a party's intellectual property rights may cause irreparable harm for which monetary damages cannot adequately compensate. As a result, upon the actual or threatened breach of Section 11 (Confidentiality) or violation of a party's intellectual property rights, the non-breaching or non-violating party may seek appropriate equitable relief, including an injunction, in any court of competent jurisdiction without the need to post a bond and without limiting its other rights or remedies.

13.5 Non-Exhaustive Remedies. Except where the Agreement provides for an exclusive remedy, seeking or exercising a remedy does not limit the other rights or remedies available to a party.

13.6 Assignment. Neither party may assign any rights or obligations under this Agreement without the prior written consent of the other party. However, either party may assign this Agreement upon notice if the assigning party undergoes a merger, change of control, reorganization, or sale of all or substantially all its equity, business, or assets to which this Agreement relates. Any attempted but non-permitted assignment is void. This Agreement will be binding upon and inure to the benefit of the parties and their permitted successors and assigns.

13.7 Beta Products. If Provider gives Customer access to a Beta Product, the Beta Product is provided "AS IS" and Section 7.3 (Representations & Warranty From Provider) does not apply to any Beta Products. Customer acknowledges that Beta Products are experimental in nature and may be modified or removed at Provider's discretion with or without notice.

13.8 Logo Rights. Provider may identify Customer and use Customer's name and logo in marketing to identify Customer as a user of Provider's products and services.

13.9 Notices. Any notice, request, or approval about the Agreement must be in writing and sent to the Notice Address. Notices will be deemed given (a) upon confirmed delivery if by email, registered or certified mail, or personal delivery; or (b) two days after mailing if by overnight commercial delivery.

13.10 Independent Contractors. The parties are independent contractors, not agents, partners, or joint venturers. Neither party is authorized to bind the other to any liability or obligation.

13.11 No Third-Party Beneficiary. There are no third-party beneficiaries of this Agreement.

13.12 Force Majeure. Neither party will be liable for a delay or failure to perform its obligations of this Agreement if caused by a Force Majeure Event. However, this section does not excuse Customer's obligations to pay Fees.

13.13 Export Controls. Customer may not remove or export from the United States or allow the export or re-export of the Product or any related technology or materials in violation of any restrictions, laws, or regulations of the United States Department of Commerce, OFAC, or any other United States or foreign agency or authority. Customer represents and warrants that it is not (a) a resident or national of an Embargoed Country; (b) an entity organized under the laws of an Embargoed Country; (c) designated on any list of prohibited, restricted, or sanctioned parties maintained by the U.S. government or agencies or other applicable governments or agencies, including OFAC's Specially Designated Nationals and Blocked Persons List and the UN Security Council Consolidated List; nor (d) 50% or more owned by any party designated on any of the above lists. Provider may terminate this Agreement immediately without notice or liability to comply, as determined in Provider's sole discretion, with applicable export controls and sanctions laws and regulations.

13.14 Government Rights. The Cloud Service and Software are deemed "commercial items" or "commercial computer software" according to FAR section 12.212 and DFAR section 227.7202, and the Documentation is "commercial computer software documentation" according to DFAR section 252.227-7014(a)(1) and (5). Any use, modification, reproduction, release, performance, display, or disclosure of the Product by the U.S. Government will be governed solely by the terms of this Agreement and all other use is prohibited.

13.15 Anti-Bribery. Neither party will take any action that would be a violation of any Applicable Laws that prohibit the offering, giving, promising to offer or give, or receiving, directly or indirectly, money or anything of value to any third party to assist Provider or Customer in retaining or obtaining business. Examples of these kinds of laws include the U.S. Foreign Corrupt Practices Act and the UK Bribery Act 2010.

13.16 Titles and Interpretation. Section titles are for convenience and reference only. All uses of "including" and similar phrases are non-exhaustive and without limitation. The United Nations Convention for the International Sale of Goods and the Uniform Computer Information Transaction Act do not apply to this Agreement.

13.17 Signature. This Agreement may be signed in counterparts, including by electronic copies or acceptance mechanism. Each copy will be deemed an original and all copies, when taken together, will be the same agreement.

14. Definitions

14.1 Defining Variables. Variables have the meanings or descriptions given on a Cover Page. However, if the Order Form and the governing Framework Terms omit or do not define a Variable, the default meaning will be "none" or "not applicable" and the correlating clause, sentence, or section does not apply to that Agreement.

14.2 "Affiliate" means an entity that, directly or indirectly, controls, is under the control of, or is under common control with a party, where control means having more than fifty percent (50%) of the voting stock or other ownership interest.

14.2.1 "Agency Partner" means a business entity (such as a call center, staffing agency, or similar organization) that employs SDRs and offers their services through the graph8 marketplace pursuant to the Agency Participation Agreement. Agency Partners are independent service providers, not subcontractors of Provider. Agency Partners contract directly with Clients through the marketplace.

14.3 "Agreement" means the Order Form between Provider and Customer as governed by the Framework Terms.

14.4 "Applicable Data Protection Laws" means the Applicable Laws that govern how the Cloud Service may process or use an individual's personal information, personal data, personally identifiable information, or other similar term.

14.5 "Applicable Laws" means the laws, rules, regulations, court orders, and other binding requirements of a relevant government authority that apply to or govern Provider or Customer.

14.6 "Beta Product" means an early or prerelease feature or version of the Product that is identified as beta or similar, or a version of the Product that is not generally available.

14.7 "Cloud Service" means the product described in the Order Form.

14.8 "Confidential Information" means information in any form disclosed by or on behalf of a Discloser, including before the Effective Date, to a Recipient in connection with this Agreement that (a) the Discloser identifies as "confidential", "proprietary", or the like; or (b) should be reasonably understood as confidential or proprietary due to its nature and the circumstances of its disclosure. Confidential Information includes the existence of this Agreement and the information on each Cover Page. Customer's Confidential Information includes non-public Customer Content and Provider's Confidential Information includes non-public information about the Product.

14.9 "Cover Page" means a document that is signed or electronically accepted by the parties, incorporates these Standard Terms or is governed by the Framework Terms, and identifies Provider and Customer. A Cover Page may include an Order Form, Key Terms, or both.

14.10 "Covered Claim" means either a Provider Covered Claim or Customer Covered Claim.

14.11 "Customer Content" means data, information, or materials submitted by or on behalf of Customer or Users to the Product but excludes Feedback.

14.12 "Discloser" means a party to this Agreement when the party is providing or disclosing Confidential Information to the other party.

14.13 "Documentation" means the usage manuals and instructional materials for the Cloud Service or Software that are made available by Provider.

14.14 "Embargoed Country" means any country or region to or from where Applicable Laws generally restrict the export or import of goods, services, or money.

14.15 "Feedback" means suggestions, feedback, or comments about the Product or related offerings.

14.16 "Fees" means the applicable amounts described in an Order Form.

14.17 "Force Majeure Event" means an unforeseen event outside a party's reasonable control where the affected party took reasonable measures to avoid or mitigate the impacts of the event. Examples of these kinds of events include unpredicted natural disasters like a major earthquake, war, pandemic, riot, act of terrorism, or public utility or internet failure.

14.18 "Framework Terms" means these Standard Terms, the Key Terms between Provider and Customer, and any policies and documents referenced in or attached to the Key Terms.

14.19 "GDPR" means European Union Regulation 2016/679 as implemented by local law in the relevant European Union member nation, and by section 3 of the United Kingdom's European Union (Withdrawal) Act of 2018 in the United Kingdom.

14.20 "High Risk Activity" means any situation where the use or failure of the Product could be reasonably expected to lead to death, bodily injury, or environmental damage. Examples include full or partial autonomous vehicle technology, medical life-support technology, emergency response services, nuclear facilities operation, and air traffic control.

14.21 "Indemnifying Party" means a party to this Agreement when the party is providing protection for a particular Covered Claim.

14.22 "Key Terms" means a Cover Page that includes the key legal details and Variables for this Agreement. The Key Terms may include details about Covered Claims, set the Governing Law, or contain other details about this Agreement.

14.23 "OFAC" means the United States Department of Treasury's Office of Foreign Assets Control.

14.24 "Order Form" means a Cover Page that includes the key business details and Variables for this Agreement that are not defined in the Framework Terms. An Order Form includes the policies and documents referenced in or attached to the Order Form. An Order Form may include details about the level of access and use granted to the Cloud Service, length of Subscription Period, or other details about the Product.

14.25 "Personal Data" will have the meaning(s) set forth in the Applicable Data Protection Laws for personal information, personal data, personally identifiable information, or other similar term.

14.26 "Product" means the Cloud Service, Software, and Documentation.

14.27 "Prohibited Data" means (a) patient, medical, or other protected health information regulated by the Health Insurance Portability and Accountability Act; (b) credit, debit, bank account, or other financial account numbers; (c) social security numbers, driver's license numbers, or other unique and private government ID numbers; (d) special categories of data as defined in the GDPR; and (e) other similar categories of sensitive information as set forth in the Applicable Data Protection Laws.

14.28 "Protected Party" means a party to this Agreement when the party is receiving the benefit of protection for a particular Covered Claim.

14.29 "Recipient" means a party to this Agreement when the party receives Confidential Information from the other party.

14.30 "Software" means the client-side software or applications made available by Provider for Customer to install, download (whether onto a machine or in a browser), or execute as part of the Product.

14.31 "Standard Terms" means these Common Paper Cloud Service Agreement Standard Terms Version 2.0.

14.32 "Usage Data" means data and information about the provision, use, and performance of the Product and related offerings based on Customer's or User's use of the Product.

14.33 "User" means any individual who uses the Product on Customer's behalf or through Customer's account.

14.34 "Variable" means a word or phrase that is highlighted and capitalized, such as Subscription Period or Governing Law.

2.4.0

Data Processing Agreement

Last UpdatedJune 8, 2026 Effective DateJune 8, 2026
Table of Contents
1. Processor and Subprocessor Relationships2. Processing3. Restricted Transfers4. Security Incident Response5. Audit & Reports6. Coordination & Cooperation7. Deletion of Customer Personal Data8. Limitation of Liability9. Conflicts Between Documents10. Term of Agreement11. Governing Law12. Service Provider Relationship13. graph8 Security Contact14. Definitions

1. Processor and Subprocessor Relationships

1.1 Provider as Processor. In situations where Customer is a Controller of the Customer Personal Data, Provider will be deemed a Processor that is Processing Personal Data on behalf of Customer.

1.2 Provider as Subprocessor. In situations where Customer is a Processor of the Customer Personal Data, Provider will be deemed a Subprocessor of the Customer Personal Data.

2. Processing

2.1 Processing Details. Annex I(B) on the Cover Page describes the subject matter, nature, purpose, and duration of this Processing, as well as the Categories of Personal Data collected and Categories of Data Subjects.

2.2 Processing Instructions. Customer instructs Provider to Process Customer Personal Data: (a) to provide and maintain the Service; (b) as may be further specified through Customer's use of the Service; (c) as documented in the Agreement; and (d) as documented in any other written instructions given by Customer and acknowledged by Provider about Processing Customer Personal Data under this DPA. Provider will abide by these instructions unless prohibited from doing so by Applicable Laws. Provider will immediately inform Customer if it is unable to follow the Processing instructions. Customer has given and will only give instructions that comply with Applicable Laws.

2.3 Processing by Provider. Provider will only Process Customer Personal Data in accordance with this DPA, including the details in the Cover Page. If Provider updates the Service to update existing or include new products, features, or functionality, Provider may change the Categories of Data Subjects, Categories of Personal Data, Special Category Data, Special Category Data Restrictions or Safeguards, Frequency of Transfer, Nature and Purpose of Processing, and Duration of Processing as needed to reflect the updates by notifying Customer of the updates and changes.

2.4 Customer Processing. Where Customer is a Processor and Provider is a Subprocessor, Customer will comply with all Applicable Laws that apply to Customer's Processing of Customer Personal Data. Customer's agreement with its Controller will similarly require Customer to comply with all Applicable Laws that apply to Customer as a Processor. In addition, Customer will comply with the Subprocessor requirements in Customer's agreement with its Controller.

2.5 Consent to Processing. Customer has complied with and will continue to comply with all Applicable Data Protection Laws concerning its provision of Customer Personal Data to Provider and/or the Service, including making all disclosures, obtaining all consents, providing adequate choice, and implementing relevant safeguards required under Applicable Data Protection Laws.

2.6 Subprocessors.

(a) Provider will not provide, transfer, or hand over any Customer Personal Data to a Subprocessor unless Customer has approved the Subprocessor. The current list of Approved Subprocessors includes the identities of the Subprocessors, their country of location, and their anticipated Processing tasks. Provider will inform Customer at least 10 business days in advance and in writing of any intended changes to the Approved Subprocessors whether by addition or replacement of a Subprocessor, which allows Customer to have enough time to object to the changes before the Provider begins using the new Subprocessor(s). Provider will give Customer the information necessary to allow Customer to exercise its right to object to the change to Approved Subprocessors. Customer has 30 days after notice of a change to the Approved Subprocessors to object, otherwise Customer will be deemed to accept the changes. If Customer objects to the change within 30 days of notice, Customer and Provider will cooperate in good faith to resolve Customer's objection or concern.

(b) When engaging a Subprocessor, Provider will have a written agreement with the Subprocessor that ensures the Subprocessor only accesses and uses Customer Personal Data (i) to the extent required to perform the obligations subcontracted to it, and (ii) consistent with the terms of Agreement.

(c) If the GDPR applies to the Processing of Customer Personal Data, (i) the data protection obligations described in this DPA (as referred to in Article 28(3) of the GDPR, if applicable) are also imposed on the Subprocessor, and (ii) Provider's agreement with the Subprocessor will incorporate these obligations, including details about how Provider and its Subprocessor will coordinate to respond to inquiries or requests about the Processing of Customer Personal Data. In addition, Provider will share, at Customer's request, a copy of its agreements (including any amendments) with its Subprocessors. To the extent necessary to protect business secrets or other confidential information, including personal data, Provider may redact the text of its agreement with its Subprocessor prior to sharing a copy.

(d) Provider remains fully liable for all obligations subcontracted to its Subprocessors, including the acts and omissions of its Subprocessors in Processing Customer Personal Data. Provider will notify Customer of any failure by its Subprocessors to fulfill a material obligation about Customer Personal Data under the agreement between Provider and the Subprocessor.

(e) Approved Subprocessors:

Infrastructure. Amazon Web Services, Inc., Country of Location: USA, Anticipated Processing Task: cloud hosting, data storage, and transactional email delivery; Cloudflare, Inc., Country of Location: USA, Anticipated Processing Task: content delivery, edge compute, and object storage; PropelAuth, Inc., Country of Location: USA, Anticipated Processing Task: user authentication and identity management.

AI processing. OpenAI, L.L.C., Country of Location: USA, Anticipated Processing Task: AI and natural language processing; Anthropic, PBC, Country of Location: USA, Anticipated Processing Task: AI and natural language processing; Google LLC, Country of Location: USA, Anticipated Processing Task: AI processing and image generation.

Voice and telephony. Twilio Inc., Country of Location: USA, Anticipated Processing Task: telephony and call media; Telnyx LLC, Country of Location: USA, Anticipated Processing Task: telephony and call media; Deepgram, Inc., Country of Location: USA, Anticipated Processing Task: speech-to-text transcription of calls; Cartesia, Inc., Country of Location: USA, Anticipated Processing Task: text-to-speech for AI voice features; LiveKit, Inc., Country of Location: USA, Anticipated Processing Task: real-time voice transport for AI voice features.

Payment processing is provided by independent payment providers (Stripe, Inc. and Wise Payments Limited) acting under their own terms; they are not Subprocessors under this DPA. Third-party services that Customer separately connects or authorizes (for example a customer's own CRM, advertising, or outreach integrations) are not Subprocessors of Provider; Customer's use of those services is governed by Customer's own agreements with those providers.

2.7 Agency Partners and Data Processing. Agency Partners (call centers, staffing agencies, and similar organizations that provide Talent services through the graph8 marketplace) are not Subprocessors of Provider. Agency Partners contract directly with Customers through the marketplace and process Customer Personal Data as independent service providers to the Customer. Customer is responsible for ensuring that any Agency Partner engaged through the marketplace maintains appropriate data protection measures. Provider facilitates the marketplace connection but does not control Agency Partner data processing activities. Customer should review the Agency Participation Agreement and conduct appropriate due diligence on Agency Partners before engaging their services.

3. Restricted Transfers

3.1 Authorization. Customer agrees that Provider may transfer Customer Personal Data outside the EEA, the United Kingdom, or other relevant geographic territory as necessary to provide the Service. If Provider transfers Customer Personal Data to a territory for which the European Commission or other relevant supervisory authority has not issued an adequacy decision, Provider will implement appropriate safeguards for the transfer of Customer Personal Data to that territory consistent with Applicable Data Protection Laws.

3.2 Ex-EEA Transfers. Customer and Provider agree that if the GDPR protects the transfer of Customer Personal Data, the transfer is from Customer from within the EEA to Provider outside of the EEA, and the transfer is not governed by an adequacy decision made by the European Commission, then by entering into this DPA, Customer and Provider are deemed to have signed the EEA SCCs and their Annexes, which are incorporated by reference. Any such transfer is made pursuant to the EEA SCCs, which are completed as follows:

(a) Module Two (Controller to Processor) of the EEA SCCs apply when Customer is a Controller and Provider is Processing Customer Personal Data for Customer as a Processor.

(b) Module Three (Processor to Sub-Processor) of the EEA SCCs apply when Customer is a Processor and Provider is Processing Customer Personal Data on behalf of Customer as a Subprocessor.

(c) For each module, the following applies (when applicable):

(i) The optional docking clause in Clause 7 does not apply;

(ii) In Clause 9, Option 2 (general written authorization) applies, and the minimum time period for prior notice of Subprocessor changes is 10 business days;

(iii) In Clause 11, the optional language does not apply;

(v) In Clause 17 (Option 1), the EEA SCCs will be governed by the laws of Governing Member State;

(vi) In Clause 18(b), disputes will be resolved in the courts of the Governing Member State;

(vii) The Cover Page to this DPA contains the information required in Annex I, Annex II, and Annex III of the EEA SCCs.

3.3 Ex-UK Transfers. Customer and Provider agree that if the UK GDPR protects the transfer of Customer Personal Data, the transfer is from Customer from within the United Kingdom to Provider outside of the United Kingdom, and the transfer is not governed by an adequacy decision made by the United Kingdom Secretary of State, then by entering into this DPA, Customer and Provider are deemed to have signed the UK Addendum and their Annexes, which are incorporated by reference. Any such transfer is made pursuant to the UK Addendum, which is completed as follows:

(a) Section 3.2 of this DPA contains the information required in Table 2 of the UK Addendum.

(b) Table 4 of the UK Addendum is modified as follows: Neither party may end the UK Addendum as set out in Section 19 of the UK Addendum; to the extent ICO issues a revised Approved Addendum under Section 18 of the UK Addendum, the parties will work in good faith to revise this DPA accordingly.

(c) The Cover Page contains the information required by Annex 1A, Annex 1B, Annex II, and Annex III of the UK Addendum.

3.4 Other International Transfers. For Personal Data transfers where Swiss law (and not the law in any EEA member state or the United Kingdom) applies to the international nature of the transfer, references to the GDPR in Clause 4 of the EEA SCCs are, to the extent legally required, amended to refer to the Swiss Federal Data Protection Act or its successor instead, and the concept of supervisory authority will include the Swiss Federal Data Protection and Information Commissioner.

4. Security Incident Response

Upon becoming aware of any Security Incident, Provider will: (a) notify Customer without undue delay when feasible, but no later than 72 hours after becoming aware of the Security Incident; (b) provide timely information about the Security Incident as it becomes known or as is reasonably requested by Customer; and (c) promptly take reasonable steps to contain and investigate the Security Incident. Provider's notification of or response to a Security Incident as required by this DPA will not be construed as an acknowledgment by Provider of any fault or liability for the Security Incident.

5. Audit & Reports

5.1 Audit Rights. Provider will give Customer all information reasonably necessary to demonstrate its compliance with this DPA and Provider will allow for and contribute to audits, including inspections by Customer, to assess Provider's compliance with this DPA. However, Provider may restrict access to data or information if Customer's access to the information would negatively impact Provider's intellectual property rights, confidentiality obligations, or other obligations under Applicable Laws. Customer acknowledges and agrees that it will only exercise its audit rights under this DPA and any audit rights granted by Applicable Data Protection Laws by instructing Provider to comply with the reporting and due diligence requirements below. Provider will maintain records of its compliance with this DPA for 3 years after the DPA ends.

5.2 Security Reports. Customer acknowledges that Provider is regularly audited against the standards defined in the Security Policy by independent third-party auditors. Upon written request, Provider will give Customer, on a confidential basis, a summary copy of its then-current Report so that Customer can verify Provider's compliance with the standards defined in the Security Policy.

5.3 Security Due Diligence. In addition to the Report, Provider will respond to reasonable requests for information made by Customer to confirm Provider's compliance with this DPA, including responses to information security, due diligence, and audit questionnaires, or by giving additional information about its information security program. All such requests must be in writing and made to the Provider Security Contact and may only be made once a year.

6. Coordination & Cooperation

6.1 Response to Inquiries. If Provider receives any inquiry or request from anyone else about the Processing of Customer Personal Data, Provider will notify Customer about the request and Provider will not respond to the request without Customer's prior consent. Examples of these kinds of inquiries and requests include a judicial or administrative or regulatory agency order about Customer Personal Data where notifying Customer is not prohibited by Applicable Law, or a request from a data subject. If allowed by Applicable Law, Provider will follow Customer's reasonable instructions about these requests, including providing status updates and other information reasonably requested by Customer. If a data subject makes a valid request under Applicable Data Protection Laws to delete or opt out of Customer's giving of Customer Personal Data to Provider, Provider will assist Customer in fulfilling the request according to the Applicable Data Protection Law. Provider will cooperate with and provide reasonable assistance to Customer, at Customer's expense, in any legal response or other procedural action taken by Customer in response to a third-party request about Provider's Processing of Customer Personal Data under this DPA.

6.2 DPIAs and DTIAs. If required by Applicable Data Protection Laws, Provider will reasonably assist Customer in conducting any mandated data protection impact assessments or data transfer impact assessments and consultations with relevant data protection authorities, taking into consideration the nature of the Processing and Customer Personal Data.

7. Deletion of Customer Personal Data

7.1 Deletion by Customer. Provider will enable Customer to delete Customer Personal Data in a manner consistent with the functionality of the Services. Provider will comply with this instruction as soon as reasonably practicable except where further storage of Customer Personal Data is required by Applicable Law.

7.2 Deletion at DPA Expiration.

(a) After the DPA expires, Provider will return or delete Customer Personal Data at Customer's instruction unless further storage of Customer Personal Data is required or authorized by Applicable Law. If return or destruction is impracticable or prohibited by Applicable Laws, Provider will make reasonable efforts to prevent additional Processing of Customer Personal Data and will continue to protect the Customer Personal Data remaining in its possession, custody, or control. For example, Applicable Laws may require Provider to continue hosting or Processing Customer Personal Data.

(b) If Customer and Provider have entered the EEA SCCs or the UK Addendum as part of this DPA, Provider will only give Customer the certification of deletion of Personal Data described in Clause 8.1(d) and Clause 8.5 of the EEA SCCs if Customer asks for one.

7.3 Suppression Records. Notwithstanding Sections 7.1 and 7.2, Provider may retain limited suppression records, such as email address, domain, hashed identifiers, opt-out or suppression status, timestamp, source, and related metadata, after deletion of other Customer Personal Data and after expiration or termination of this DPA, as reasonably necessary to honor unsubscribe and opt-out requests, prevent further unwanted communications, comply with Applicable Laws, protect deliverability, and prevent abuse. Provider will retain suppression records only for these purposes and for as long as reasonably necessary to achieve them.

8. Limitation of Liability

8.1 Liability Caps and Damages Waiver. To the maximum extent permitted under Applicable Data Protection Laws, each party's total cumulative liability to the other party arising out of or related to this DPA will be subject to the waivers, exclusions, and limitations of liability stated in the Agreement. Provider's total cumulative liability arising out of or related to DPA Covered Claims will not be more than 3 times the fees paid or payable by Customer to Provider in the 12-month period immediately before the claim, but not to exceed $500,000.

8.2 Related-Party Claims. Any claims made against Provider or its Affiliates arising out of or related to this DPA may only be brought by the Customer entity that is a party to the Agreement.

8.3 Exceptions. This DPA does not limit any liability to an individual about the individual's data protection rights under Applicable Data Protection Laws. In addition, this DPA does not limit any liability between the parties for violations of the EEA SCCs or UK Addendum.

9. Conflicts Between Documents

This DPA forms part of and supplements the Agreement. If there is any inconsistency between this DPA, the Agreement, or any of their parts, the part listed earlier will control over the part listed later for that inconsistency: (1) the EEA SCCs or the UK Addendum, (2) this DPA, and then (3) the Agreement.

10. Term of Agreement

This DPA will start when Provider and Customer agree to a Cover Page for the DPA and sign or electronically accept the Agreement and will continue until the Agreement expires or is terminated. However, Provider and Customer will each remain subject to the obligations in this DPA and Applicable Data Protection Laws until Customer stops transferring Customer Personal Data to Provider and Provider stops Processing Customer Personal Data.

11. Governing Law

Notwithstanding the governing law or similar clauses of the Agreement, all interpretations and disputes about this DPA will be governed by the laws of the State of Delaware without regard to its conflict of laws provisions. In addition, and notwithstanding the forum selection, jurisdiction, or similar clauses of the Agreement, the parties agree to bring any legal suit, action, or proceeding about this DPA in, and each party irrevocably submits to the exclusive jurisdiction of, the state or federal courts located in Delaware.

12. Service Provider Relationship

To the extent California Consumer Privacy Act, Cal. Civ. Code ยง 1798.100 et seq ("CCPA") applies, the parties acknowledge and agree that Provider is a service provider and is receiving Personal Data from Customer to provide the Service as agreed in the Agreement, which constitutes a business purpose. Provider will not sell any First Party Personal Data provided by Customer under the Agreement. In addition, Provider will not retain, use, or disclose any Personal Data provided by Customer under the Agreement except as necessary for providing the Service for Customer, as stated in the Agreement, or as permitted by Applicable Data Protection Laws. Provider certifies that it understands the restrictions of this paragraph.

13. graph8 Security Contact

Email: [email protected]

Address: as listed in Cloud Services Agreement and Order form

14. Definitions

14.1 "Applicable Laws" means the laws, rules, regulations, court orders, and other binding requirements of a relevant government authority that apply to or govern a party.

14.2 "Applicable Data Protection Laws" means the Applicable Laws that govern how the Service may process or use an individual's personal information, personal data, personally identifiable information, or other similar term.

14.3 "Controller" will have the meaning(s) given in the Applicable Data Protection Laws for the company that determines the purpose and extent of Processing Personal Data.

14.4 "Cover Page" means a document that is signed or electronically accepted by the parties that incorporates these DPA Standard Terms and identifies Provider, Customer, and the subject matter and details of the data processing.

14.5 "Customer Personal Data" means Personal Data that Customer uploads or provides to Provider as part of the Service and that is governed by this DPA.

14.6 "DPA" means these DPA Standard Terms, the Cover Page between Provider and Customer, and the policies and documents referenced in or attached to the Cover Page.

14.7 "EEA SCCs" means the standard contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the European Council.

14.8 "European Economic Area" or "EEA" means the member states of the European Union, Norway, Iceland, and Liechtenstein.

14.9 "GDPR" means European Union Regulation 2016/679 as implemented by local law in the relevant EEA member nation.

14.10 "Personal Data" will have the meaning(s) given in the Applicable Data Protection Laws for personal information, personal data, or other similar term.

14.11 "Processing" or "Process" will have the meaning(s) given in the Applicable Data Protection Laws for any use of, or performance of a computer operation on, Personal Data, including by automatic methods.

14.12 "Processor" will have the meaning(s) given in the Applicable Data Protection Laws for the company that Processes Personal Data on behalf of the Controller.

14.13 "Report" means audit reports prepared by another company according to the standards defined in the Security Policy on behalf of Provider.

14.14 "Restricted Transfer" means (a) where the GDPR applies, a transfer of personal data from the EEA to a country outside of the EEA which is not subject to an adequacy determination by the European Commission; and (b) where the UK GDPR applies, a transfer of personal data from the United Kingdom to any other country which is not subject to adequacy regulations adopted pursuant to Section 17A of the United Kingdom Data Protection Act 2018.

14.15 "Security Incident" means a Personal Data Breach as defined in Article 4 of the GDPR.

14.16 "Service" means the product and/or services described in the Agreement.

14.17 "Special Category Data" will have the meaning given in Article 9 of the GDPR.

14.18 "Subprocessor" will have the meaning(s) given in the Applicable Data Protection Laws for a company that, with the approval and acceptance of Controller, assists the Processor in Processing Personal Data on behalf of the Controller.

14.19 "UK GDPR" means European Union Regulation 2016/679 as implemented by section 3 of the United Kingdom's European Union (Withdrawal) Act of 2018 in the United Kingdom.

14.20 "UK Addendum" means the international data transfer addendum to the EEA SCCs issued by the Information Commissioner for Parties making Restricted Transfers under S119A(1) Data Protection Act 2018.

2.4.0

Privacy Policy

Last UpdatedJune 8, 2026 Effective DateJune 8, 2026
Table of Contents
1. Personal Information We Collect2. Third-Party Sources3. Automatic Data Collection4. Cookies and Tracking Technologies5. How We Use Your Personal Information6. How We Share Your Personal Information7. Call Recording and Monitoring8. Data Retention9. Google API Services and Your Data10. How We Use Your Google Account Data11. Google Account Data Retention12. Revoking Google Access13. Limited Use of Google Data14. Security15. International Data Transfers16. Your Privacy Rights and Choices17. California Privacy Rights (CCPA/CPRA Notice)18. EEA, UK, and Other Jurisdiction Rights19. Other Sites and Services20. Children's Data21. Changes to This Privacy Policy22. How to Contact Us

This Privacy Policy ("Policy") describes how graph8 ("graph8," "we," "us," or "our") collects, uses, discloses, and retains personal information through our website and digital properties that link to this Policy, and through our sales-automation platform, voice dialer, messaging tools, visitor-tracking features, and talent marketplace (collectively, the "Service"). This Policy is effective June 8, 2026. If you have questions, contact us at [email protected].

1. Personal Information We Collect

We collect the categories of personal information described below. The specific data collected depends on how you or your organization uses the Service.

Account and Contact Data. First and last name, email address, phone number, username, password, job title, company name, and other information you add to your account profile.

Prospect and Contact Records (B2B CRM). Business contact information for sales prospects and customers loaded into or generated by the platform, including name, work email, work phone, job title, employer, LinkedIn profile URL, and similar professional identifiers. We may append enrichment data to these records obtained from third-party data sources or from integration tools that our customers connect to the platform. The customer who controls the relevant account is the controller of this data; graph8 processes it as a service provider on their behalf.

Call Recordings, Transcripts, and AI Grading Data. When the voice dialer is used, calls may be recorded and transcribed, subject to the disclosures the customer is responsible for providing. We generate AI-produced transcripts and AI call-grading scores from those recordings. See Section 7 (Call Recording and Monitoring).

Cross-Channel Message Content. Content of outbound and inbound messages sent or received through the platform across supported channels, including email, SMS, WhatsApp, iMessage, Slack, and LinkedIn, including message body text, attachments, timestamps, and delivery and engagement metadata (opens, clicks, replies).

Website Visitor and Buyer-Intent Data. When our tracking pixel or SDK is deployed on a customer's website, we collect IP addresses, device identifiers, browser type and version, operating system, referring URLs, pages visited, visit duration, and session identifiers for visitors to that site. We may perform named-visitor resolution to associate a visit with a known company or contact record. See Section 4 (Cookies and Tracking Technologies).

Payment, Bank, and KYC Data (Marketplace). For participants in the graph8 talent marketplace, we collect billing and payment information, bank account details for payout, government-issued identification data, and tax forms including W-8 and W-9. Payment processing is handled by our payment providers (see Section 6).

Talent Profile Data (Marketplace). For talent and Agency Talent onboarded through the marketplace, we collect resumes, headshots, work history, skill assessments, performance records, and other profile information submitted by the individual or their sponsoring agency.

Usage and Behavioral Analytics. Log data, clickstream data, feature usage events, and other behavioral signals about how users interact with the platform.

Communications and Marketing Data. Messages we exchange with you (including support), and your preferences for and engagement with our marketing communications.

Other Data. Additional information we collect as described at the time of collection or as otherwise necessary to operate the Service.

2. Third-Party Sources

We may combine personal information we receive from you with personal information we obtain from other sources, such as public sources (government agencies, public records, publicly available professional profiles), data and enrichment providers that supply business contact and firmographic information, and joint marketing partners. Customers may also connect their own third-party tools to the platform; data exchanged with those tools is governed by the customer's own agreements with those providers.

3. Automatic Data Collection

We and our service providers automatically collect information when you access the Service or when our tracking technologies are active on a customer's website:

Device Data. Operating system type and version, device manufacturer and model, browser type and version, screen resolution, IP address, and general geographic location derived from IP (city, state, or country).

Online Activity Data. Pages viewed, time spent on pages, navigation paths, actions taken on a page, access timestamps, and session duration.

Visitor Identification Data. Where our pixel or SDK is deployed on a customer's website, we may resolve the visiting company and, where permitted, the individual visitor by cross-referencing IP and device signals against our contact database, to surface buyer-intent signals to the customer whose website the visitor browsed.

4. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar technologies on our own website and, when deployed by a customer, on customer-operated websites. These technologies may collect session identifiers and authentication tokens, IP address and approximate location, browser and device type, pages visited and interaction events, and email open and click signals (via tracking pixels embedded in outbound emails sent through the platform).

Pixel and SDK Deployments on Customer Websites. When a customer installs the graph8 tracking snippet on their own website, the snippet collects the visitor data described in Section 1 on behalf of that customer. The customer is the data controller for those visitors; graph8 is the processor.

Cookie Choices and Signals. Most browsers let you refuse or delete cookies through browser settings; disabling cookies may affect functionality. We currently do not respond to browser "Do Not Track" signals, but we honor Global Privacy Control (GPC) signals where required by law (see Section 13).

Note on Google API Data. Information collected through cookies and similar technologies does not include personal information obtained from Google API Services. Google Workspace APIs are not used to develop, improve, or train generalized AI or machine-learning models.

5. How We Use Your Personal Information

We use personal information for the purposes described below or as otherwise disclosed at the time of collection.

Service Delivery. To provide, operate, maintain, and improve the platform and its features, including the CRM, email and multi-channel sequencer, voice dialer, website visitor tracking, campaign builder, and talent marketplace; to process payments, subscriptions, and marketplace payouts and tax reporting; and to communicate with you about the Service.

AI Processing and Automated Functions. We use artificial intelligence and machine-learning models to power platform features. This includes call grading (analyzing call recordings and transcripts to produce AI scores surfaced to the customer's managers as coaching signals; a human supervisor can review the underlying recording and override any score), talent matching and scoring (ranking talent profiles against an open role to inform, not replace, the customer's hiring decisions), content generation and sequence personalization, and intent-signal classification. Data processed by these features, including contact records, message content, and call transcripts, may be transmitted to our AI model provider subprocessors listed in Section 6, which are bound by data processing agreements and do not use customer data to train their general-purpose models via the commercial tiers we use.

Marketing and Advertising. To send marketing communications about products, services, offers, and events, based on data collected directly from you or from third-party sources (excluding Google API data). We do not use Google user data for advertising. You may opt out at any time (see Section 13).

Research and Development. To analyze platform performance and develop new features. We do not use Google user data for any purpose beyond providing user-facing platform features.

Compliance and Protection. To comply with applicable laws and legal processes; enforce our terms; protect the rights, privacy, safety, and property of graph8, our customers, and others; prevent, detect, and investigate fraud and other harmful activity; and conduct internal audits.

6. How We Share Your Personal Information

We may share personal information with the parties described below.

Service Providers and Subprocessors. We engage third-party companies ("subprocessors") that process personal information on our behalf to operate the Service. Our current subprocessors by category are: Infrastructure and hosting: Amazon Web Services, Inc.; Cloudflare, Inc. Authentication: PropelAuth, Inc. AI model inference: OpenAI, L.L.C.; Anthropic, PBC; Google LLC. Voice, telephony, and speech: Twilio Inc.; Telnyx LLC; Deepgram, Inc.; Cartesia, Inc.; LiveKit, Inc. Each subprocessor is bound by a data processing agreement that restricts use of personal information to providing services to graph8. An up-to-date subprocessor list is available on request at [email protected], and we give customers advance notice of material subprocessor changes where required by our Data Processing Agreement.

Payment Providers. Payment processing and marketplace payouts are handled by Stripe, Inc. and Wise Payments Limited, which operate as independent controllers for payment and financial data under their own privacy policies. graph8 does not store full payment card numbers.

Customer-Controlled Integrations. Customers may connect their own third-party tools to the platform, such as their CRM, LinkedIn outreach accounts, advertising platforms, or enrichment services. Data exchanged with those integrations is governed by the customer's own agreements with those providers; graph8 is not responsible for the data practices of tools the customer chooses to connect.

Agency Partners (Marketplace). If you are a Client using the talent marketplace, we share business contact and engagement information with the Agency Partners whose talent you engage, limited to what is necessary to perform the requested services. Agency Partners are bound by their own privacy obligations under the Agency Participation Agreement.

Affiliates, Professional Advisors, Authorities, and Business Transferees. Our corporate affiliates; lawyers, auditors, bankers, and insurers in the course of their services to us; law enforcement and government authorities where we believe disclosure is required by law or necessary to protect rights, safety, or property; and acquirers and other parties in connection with a merger, acquisition, reorganization, sale of assets, or similar transaction (including bankruptcy).

Note on Google API Data. Personal information obtained from Google API Services is not shared with third parties except as necessary to provide or improve our Service in compliance with Google's API Services User Data Policy and Limited Use requirements. We do not sell Google user data under any circumstances.

7. Call Recording and Monitoring

The graph8 voice dialer supports call recording. When recording is enabled by a customer: calls may be recorded in full, including both the platform user and the third-party call participant; the customer is responsible for providing any legally required recording disclosures to call participants, including in two-party consent jurisdictions, as set out in the Calling and Recording Terms; recordings and transcripts are stored on the platform and accessible to authorized users within the customer's account; we use AI to produce automated transcripts and call-grading scores (see Section 5); and voice data may be transmitted to our voice and speech subprocessors (Twilio Inc., Telnyx LLC, Deepgram, Inc., Cartesia, Inc., LiveKit, Inc.) solely for processing and transcription. Recordings and transcripts are retained as described in Section 8 unless deleted earlier.

8. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, and as permitted by law. Indicative periods: account and profile data for the life of the account and up to 90 days after closure; CRM prospect and contact records for the duration of the customer's subscription plus 90 days (customers may request earlier deletion); call recordings and transcripts up to 12 months by default, with customer-configurable shorter windows and on-demand deletion; payment and tax records for 7 years or as required by law; usage logs up to 24 months in identifiable form; and marketing engagement data until you opt out or for 3 years from last engagement. After these periods we delete or irreversibly anonymize personal information except where longer retention is required by law.

Suppression Records. When a recipient unsubscribes, opts out, bounces, or submits a spam complaint, we may retain limited suppression data (such as email address or hashed identifier, opt-out status, timestamp, and source) on an account-wide basis so the recipient is not contacted again through the Service. We may retain suppression records after other personal information is deleted, and after an account is closed, as necessary to honor opt-out requests, comply with law, protect deliverability, and prevent abuse.

9. Google API Services and Your Data

graph8 uses Google API Services, specifically the Gmail API, to provide core functionality in our customer engagement and sales automation tool. We request access to the following scopes:

https://www.googleapis.com/auth/gmail.modify: Allows us to send emails, retrieve recent emails, and manage email threads on your behalf.

https://www.googleapis.com/auth/pubsub: Enables real-time notifications for email events.

Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models.

10. How We Use Your Google Account Data

Email Sending: We send personalized emails through your Gmail account for automated sequences or one-off communications.

Email Retrieval: We fetch recent emails to monitor responses and track engagement.

Thread Management: We read and modify email threads to maintain context in ongoing conversations.

11. Google Account Data Retention

We retain Google account data only for as long as necessary to provide the connected Gmail features. If you revoke graph8's access or delete your account, we delete your Google account data from our systems. For the general retention schedule applicable to all personal information, see Section 8.

12. Revoking Google Access

You can revoke graph8's access to your Google account at any time through your Google Account security settings or by contacting us at [email protected].

13. Limited Use of Google Data

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we do not use or transfer Google user data for serving ads, including retargeting, personalized, or interest-based advertising; we do not sell or transfer Google user data; Google user data is only shared with third parties where necessary for security, legal compliance, or as part of a merger or acquisition, and always in compliance with Google's policies; and we maintain a strict separation between data obtained through Google API Services and any other data activities. Google account data is never used for any purposes other than those described in this Policy and required to provide the Service. We apply encryption in transit and at rest, access controls, and regular security assessments to personal information obtained from Google API Services.

14. Security

We implement technical, organizational, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and loss, including encryption of data in transit and at rest, role-based access controls, regular security assessments, and vendor security review for subprocessors. Security risk is inherent in all internet and information technologies, and we cannot guarantee the absolute security of your personal information. We maintain an incident response program and will notify affected parties of material data breaches as required by applicable law.

15. International Data Transfers

graph8 is headquartered in the United States, and the Service is primarily operated on US-based infrastructure. If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that restricts cross-border transfers, your information may be transferred to and processed in the United States. For personal data transferred from the EEA or UK, we rely on the Standard Contractual Clauses adopted by the European Commission, and the UK Addendum to those clauses where required, as incorporated into our Data Processing Agreement. A copy of the applicable transfer mechanism is available on request at [email protected].

16. Your Privacy Rights and Choices

Depending on your location and relationship with graph8, you may have rights with respect to your personal information. To submit a request, contact us at [email protected] or [email protected].

Access, Correction, Deletion, and Portability. Request a copy of, correction of, or deletion of your personal information, or receive a copy in a structured, commonly used, machine-readable format, subject to legal and contractual retention obligations.

Objection and Restriction. Object to or request restriction of certain processing, including processing for direct marketing.

Opt Out of Marketing. Opt out of marketing emails via the unsubscribe link or by contacting [email protected]; you will continue to receive non-marketing service messages. Our newsletter and bulk emails include a one-click unsubscribe, and any unsubscribe applies on an account-wide basis across current and future sends.

Cookies and Revoking Google Access. Adjust cookie preferences in your browser, and revoke graph8's access to your Google account through your Google Account settings at any time.

We will respond to verifiable requests within the timeframe required by applicable law (typically 30 days, with an extension available for complex requests).

17. California Privacy Rights (CCPA/CPRA Notice)

This section applies to California residents and supplements the rest of this Policy.

Categories collected. In the preceding 12 months we have collected: identifiers (name, email, IP address, device IDs); professional or employment-related information; internet or other electronic network activity; audio, electronic, and visual information (call recordings); commercial information; inferences (AI scoring, intent tiers); and sensitive personal information where applicable (government ID and financial data for marketplace participants).

Sale or sharing. graph8 does not sell personal information for monetary consideration. We may share certain identifiers and online activity data with analytics and advertising partners in ways that may constitute "sharing" for cross-context behavioral advertising under the CPRA. California residents may opt out of such sharing.

Do Not Sell or Share My Personal Information. To opt out of the sale or sharing of your personal information, submit a request at [email protected] or use the "Do Not Sell or Share My Personal Information" link in our website footer. We also honor opt-out preference signals transmitted via Global Privacy Control (GPC) for browser sessions where GPC is detectable.

Sensitive information, non-discrimination, and agents. We use sensitive personal information only as necessary to provide the Service and comply with law, and not for advertising. We will not discriminate against you for exercising your rights. You may use an authorized agent to submit requests with proof of authority.

18. EEA, UK, and Other Jurisdiction Rights

If you are in the EEA or the UK, you have the rights described in Section 16 under the GDPR or UK GDPR, including the right to lodge a complaint with your local supervisory authority; for transfer mechanisms see Section 15. Residents of other jurisdictions may have additional rights under local privacy laws. Contact [email protected] to exercise any such rights.

19. Other Sites and Services

The Service may contain links to third-party websites, applications, and online services. These links are not endorsements of those third parties. We do not control third-party services and are not responsible for their privacy practices. Please review the privacy policies of any third-party service before providing your personal information.

20. Children's Data

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected such information without verifiable parental consent, we will delete it promptly. If you believe we may have collected such information, contact [email protected].

21. Changes to This Privacy Policy

We may update this Policy from time to time. If we make material changes, we will update the effective date and, where required by law or appropriate, notify you by email or via an in-product notice. Continued use of the Service after the effective date of a revised Policy constitutes acceptance of the changes.

22. How to Contact Us

For general privacy inquiries: [email protected]. For compliance and data subject requests: [email protected]. For support: [email protected].

Version 2.4.0. Effective June 8, 2026.

2.3.0

SMS Terms and Conditions

Last UpdatedJune 6, 2026 Effective DateJune 6, 2026
Table of Contents
1. Service Description and Sender Responsibility2. Opt-Out and Opt-In Compliance3. Platform Coverage, Subprocessors, and Data Handling4. Customer Responsibility and Indemnification5. Legal Considerations6. Technical Information

These terms govern the use of graph8's messaging features, including SMS, WhatsApp, and iMessage (collectively, "Messaging Services"). When you use graph8 to send messages to your contacts, you ("Customer") are the sender of record for those messages. graph8 acts as the platform and facilitator of message delivery and is not a party to the communications between you and your recipients. Please read these terms carefully before using the Messaging Services.

1. Service Description and Sender Responsibility

Customer as Sender of Record: When you use graph8's Messaging Services to send messages to your contacts or prospects, you are the sender of record for those messages. You are solely responsible for the content of your messages and for ensuring that all messaging activity conducted through graph8 complies with applicable law, including the Telephone Consumer Protection Act (TCPA) and all applicable state and local laws and regulations.

Prior Express Written Consent: Before sending any marketing, promotional, or automated messages to a recipient, you must obtain that recipient's prior express written consent as required by the TCPA and any other applicable law. graph8 does not obtain consent on your behalf. You must maintain records of consent sufficient to demonstrate compliance.

Opt-In Description: Recipients must affirmatively opt in to receive messages from you. Opt-in must be clear, conspicuous, and separate from any other agreement or authorization. You must clearly disclose the nature and frequency of messages at the time of opt-in.

Message Frequency: Message frequency varies depending on your campaigns, sequences, and settings. You must disclose to recipients that message frequency may vary when obtaining consent and in your opt-in confirmation messages.

Content: Messages may include meeting reminders, outreach campaigns, follow-up sequences, and other communications configured by you. You are solely responsible for ensuring that message content is accurate, lawful, and compliant with applicable law. graph8 does not review or pre-approve message content.

Required Disclosures in Messages: Each message campaign must include clear identification of you as the sender, a description of the messaging program, and opt-out instructions. System notifications sent through graph8 on your behalf may include the statement "Reply STOP to unsubscribe."

2. Opt-Out and Opt-In Compliance

STOP Keyword, Honoring Opt-Outs: Recipients may opt out at any time by replying "STOP" (or any standard opt-out keyword such as STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT) to any message. You must honor all opt-out requests immediately and must not send further messages to a recipient after an opt-out has been received. graph8 will process STOP keywords received through the Messaging Services, but you are responsible for maintaining opt-out records across all channels and ensuring that opt-outs are reflected in your contact lists and CRM data.

HELP Keyword: Recipients may reply "HELP" to any message to receive information about the messaging program and how to contact you. You are responsible for configuring HELP responses with accurate contact information.

Re-Opt-In: After a recipient opts out, you may not send further messages unless that recipient has affirmatively re-opted in through a new, separate consent process.

Platform Assistance: For assistance with graph8's Messaging Services, contact our support team at [email protected].

Age Restriction: You may not send messages to individuals under the age of 18. By using the Messaging Services, you represent and warrant that your messaging programs are not directed to minors.

Geographic Restrictions: The Messaging Services are available in jurisdictions where graph8 has the legal authorization and technical capability to provide them. You are responsible for ensuring that your messaging activity complies with all applicable laws in the jurisdictions where your recipients are located. graph8 reserves the right to restrict or modify service availability in any jurisdiction at any time.

3. Platform Coverage, Subprocessors, and Data Handling

Platform Coverage: These terms apply to all outbound messaging conducted through graph8, including SMS, WhatsApp Business messaging, and iMessage. Each platform may impose its own policies and restrictions. You are responsible for complying with the applicable platform terms and policies for each channel you use.

Privacy and Data Handling: Phone numbers, message content, and related personal data collected or processed through the Messaging Services are handled in accordance with graph8's Privacy Policy and, where applicable, the Data Processing Agreement.

Telephony and Messaging Subprocessors: graph8 routes messages through third-party communications subprocessors, which may include Twilio Inc. and Telnyx LLC. These subprocessors process message delivery data on graph8's behalf and are subject to data processing agreements consistent with applicable law. graph8 maintains a current list of subprocessors in its Data Processing Agreement.

4. Customer Responsibility and Indemnification

Customer Responsibility: You are solely responsible for (a) obtaining all legally required consents before sending messages to any recipient, (b) the content, accuracy, and legality of your messages, (c) maintaining opt-out records and honoring opt-out requests, and (d) complying with all applicable laws, including the TCPA, CAN-SPAM Act, Canada's Anti-Spam Legislation (CASL), and any other applicable domestic or international messaging laws.

Indemnification: You agree to indemnify, defend, and hold harmless graph8 Inc., its affiliates, officers, directors, employees, and agents from and against any claims, liabilities, damages, penalties, fines, and costs (including reasonable attorneys' fees) arising from or related to your messaging activity, including any claim that your messages violated applicable law or that required consents were not obtained.

5. Legal Considerations

Changes to Terms: We reserve the right to modify these terms at any time. We will notify you of any significant changes, and your continued use of the service constitutes acceptance of the updated terms.

Liability: graph8 Inc. is not liable for delayed or undelivered messages or any actions taken or not taken based on the content of the messages you send.

6. Technical Information

Message and Data Rates: Message and data rates may apply. Please check with your mobile service provider for details.

Carrier Participation: Not all mobile carriers may support every messaging channel. Please check with your carrier if you are unsure about compatibility.

By using graph8's Messaging Services, you acknowledge that you have read, understood, and agree to these terms and conditions, and you represent that your use of the Messaging Services complies with all applicable laws.

2.3.0

Calling and Recording Terms

Last UpdatedJune 6, 2026 Effective DateJune 6, 2026
Table of Contents
1. Scope2. Call Recording and Transcription3. Recording Consent and Wiretapping Compliance4. AI Voice Agent Disclosure Requirements5. Telephony Subprocessors6. Customer Responsibility and Indemnification7. graph8's Role and Limitation of Liability8. Cross-References9. Changes to These Terms

These Calling and Recording Terms ("Calling Terms") govern your use of graph8's dialer, voice agent, and telephony features (collectively, "Voice Services"). By using the Voice Services, you ("Customer") agree to these Calling Terms in addition to graph8's general Terms of Service. These Calling Terms apply to all outbound and inbound calls placed or received through graph8, including calls placed by automated AI voice agents.

1. Scope

Covered Services: These Calling Terms apply to (a) the graph8 outbound dialer and power dialer features, (b) inbound call handling, (c) AI voice agents that autonomously place, receive, or handle calls on your behalf, and (d) any recording, transcription, or quality-scoring features associated with those calls.

Customer as Caller of Record: graph8 provides the Voice Services as a platform and facilitator. You are the caller of record for all calls placed through your graph8 account. graph8 is not a party to the calls between you and your call recipients.

2. Call Recording and Transcription

Automatic Recording: Calls placed or received through the Voice Services are automatically recorded. By using the Voice Services, you acknowledge that calls will be recorded.

Transcription: Call recordings are automatically transcribed using automated speech-to-text processing. Transcripts are stored and made available to authorized users within your graph8 account.

AI Grading and Analysis: Transcripts and recordings may be processed by automated AI systems to generate quality scores, coaching insights, and performance analytics. This processing is performed as part of the Voice Services to help you evaluate and improve your calling programs.

Data Handling: Recordings, transcripts, and derived analytics data are processed in accordance with graph8's Privacy Policy and, where applicable, the Data Processing Agreement. Refer to those documents for retention periods, data subject rights, and subprocessor details.

3. Recording Consent and Wiretapping Compliance

Customer Responsibility for Consent: You are solely responsible for compliance with all applicable call recording, wiretapping, and electronic surveillance laws in every jurisdiction where you or your call recipients are located. These laws vary significantly by jurisdiction.

All-Party (Two-Party) Consent Jurisdictions: Many jurisdictions require the consent of all parties to a call before a recording may be made. These include, but are not limited to, California, Florida, Illinois, Maryland, Massachusetts, Michigan, Nevada, New Hampshire, Oregon, Pennsylvania, Washington, and equivalent jurisdictions outside the United States. You are responsible for identifying all applicable consent requirements and for obtaining or ensuring that the required consent has been obtained before recording any call.

Required Disclosures: Where applicable law requires that call participants be informed that a call is being recorded, you must provide that disclosure or ensure that it is provided before or at the outset of the recorded portion of the call. graph8 can be configured to play a recorded-line announcement at the start of calls; you are responsible for enabling and maintaining that configuration where required.

International Calls: If you use the Voice Services to place or receive calls in jurisdictions outside the United States, you are responsible for complying with the call recording and wiretapping laws of each applicable jurisdiction, including any applicable EU, UK, or other national privacy and telecommunications laws.

4. AI Voice Agent Disclosure Requirements

AI Voice Agents: graph8 supports AI voice agents that may autonomously initiate, conduct, or complete calls using synthetic or artificial voices. When an AI voice agent is used to place or handle a call, you are responsible for compliance with all applicable laws governing automated, artificial, or prerecorded voice calls.

Disclosure of Artificial Voice: Where applicable law requires disclosure that a caller is an AI or automated system (including but not limited to FCC rules on AI-generated voice calls, state bot-disclosure laws, and emerging AI-calling regulations), you must ensure that the required disclosure is made at the beginning of the call. graph8 provides configuration options to enable automated AI disclosures; you are responsible for enabling and maintaining those disclosures where legally required.

TCPA Compliance for AI-Assisted Calls: Calls placed using AI voice agents or using auto-dialed or prerecorded or artificial voice technology may require prior express written consent under the Telephone Consumer Protection Act (TCPA) and applicable state laws. You are responsible for obtaining the required level of consent before using AI voice agents or auto-dialed calling features, and for maintaining records of that consent.

Do-Not-Call Compliance: You are responsible for maintaining and honoring applicable do-not-call registries, including the National Do Not Call Registry and any state or internal do-not-call lists, in connection with all calls placed through the Voice Services.

5. Telephony Subprocessors

Named Subprocessors: graph8 routes voice calls, recordings, and transcription through third-party telephony and AI subprocessors that process data on graph8's behalf. Current Voice Services subprocessors include:

Twilio Inc.: telephony carrier and programmable voice infrastructure
Telnyx LLC: telephony carrier and SIP trunking
Deepgram, Inc.: automated speech recognition and transcription
Cartesia, Inc.: AI voice synthesis and voice agent infrastructure
LiveKit, Inc.: real-time audio transport and media infrastructure

Each subprocessor is subject to a data processing agreement with graph8. graph8 maintains a current list of Voice Services subprocessors in the Data Processing Agreement. graph8 will notify you of material changes to the subprocessor list in accordance with the notification procedures set out in the Data Processing Agreement.

6. Customer Responsibility and Indemnification

Customer Responsibility: You are solely responsible for (a) compliance with all applicable laws governing outbound and inbound calling, including the TCPA, the Telephone Sales Rule, the Telemarketing and Consumer Fraud and Abuse Prevention Act, state telemarketing and do-not-call laws, and any applicable non-US law; (b) obtaining all required consents before placing calls; (c) providing all legally required disclosures to call recipients, including recording disclosures and AI-voice disclosures; (d) maintaining required consent records; and (e) the conduct of all calls placed by you or by AI voice agents acting on your behalf.

Indemnification: You agree to indemnify, defend, and hold harmless graph8 Inc., its affiliates, officers, directors, employees, and agents from and against any claims, liabilities, damages, penalties, fines, and costs (including reasonable attorneys' fees) arising from or related to your use of the Voice Services, including any claim that your calling activity violated applicable law, that required consents were not obtained, or that required disclosures were not provided.

7. graph8's Role and Limitation of Liability

Platform Only: graph8 provides the Voice Services as a technology platform. graph8 does not place calls on its own initiative, does not control the content or conduct of your calls, and is not responsible for the legality of your calling activity. graph8 does not verify that you have obtained required consents or provided required disclosures.

Limitation of Liability: To the maximum extent permitted by applicable law, graph8's liability in connection with the Voice Services is subject to the limitations set out in the general Terms of Service.

8. Cross-References

Call recordings, transcripts, and analytics data are personal data subject to graph8's Privacy Policy and, for Customers subject to GDPR, UK GDPR, CCPA, or similar laws, the Data Processing Agreement. Those documents govern your and graph8's respective obligations with respect to the processing of that data, including data subject rights, cross-border transfer mechanisms, and processor-level security obligations.

Use of the Messaging Services (SMS, WhatsApp, iMessage) in connection with voice call follow-up or outreach is also subject to graph8's SMS Terms and Conditions.

9. Changes to These Terms

graph8 reserves the right to update these Calling Terms at any time to reflect changes in law, regulation, subprocessors, or product functionality. graph8 will notify you of material changes by posting an updated version with a new effective date. Your continued use of the Voice Services after the effective date constitutes acceptance of the updated terms.

2.3.0

CIENCE Services Addendum

Last UpdatedJune 6, 2026 Effective DateJune 6, 2026
Table of Contents
1. Scope of Services2. Client Responsibilities3. Fees, Credits & Invoicing4. Social/Platform ToS, Email & Telecom Compliance5. Performance & Platform-Risk Disclaimer6. Voice AI "Twins/Clones", Likeness & Recording7. Ownership, Portability & Licensed/Third-Party Data8. Deliverables, Acceptance & Revisions9. Reporting & Access10. Agency Authority & Subcontractors11. Term, Cancellation & Offboarding12. Confidentiality, Data Protection & Security13. Warranties; Disclaimer14. Indemnification; Limitation of Liability15. Miscellaneous

These Services Terms supplement and incorporate the graph8 Cloud Service Agreement (CSA). Capitalized terms not defined here have the meanings in the CSA. If there is a conflict, these Services Terms control solely for the Services described herein; the CSA controls for all other matters (confidentiality, data protection, warranty disclaimers, limitation of liability, governing law, dispute resolution, etc.). (graph8)

1. Scope of Services

1.1 Delivery Inside graph8. Provider delivers go-to-market engineering and managed campaign services (the "Services") entirely via the graph8 platform's task system; no separate SOWs are required. These Services are named "CIENCE Services".

1.2 Initial Campaign Setup. Provider will design and launch initial campaigns tailored to Client's ICP and market, including: (a) ICP-aligned outreach; (b) intent keyword/topic; (c) competitor; and (d) website-visitor campaigns.

1.3 Engagement Applications. Provider will: (a) add/configure site chat; (b) set up/manage Voice AI (AI receptionist, agent personas, and employee "twin/clone" agents, subject to ยง6); and (c) integrate calendar/meetings including round-robin routing for Clients employees.

1.4 Campaign Automation. Provider will configure multi-channel sequencing, automated follow-ups, and stop rules in the graph8 platform.

1.5 RevOps & Data Layer. Provider will enable data flows to Client's system of record (e.g., CRM/MAP) and store campaign/engagement data in Client's CDP within graph8. Roles, privacy, and security remain governed by the CSA/DPA. (graph8)

1.6 Ongoing Experimentation. After launch, the GTM team and Growth Manager will run continuous iteration (testing, optimization, new campaigns) to improve performance over time.

1.7 Portability. All campaign assets and campaign configurations created for Client are portable and may be exported for Client's use in other systems, subject to ยง7 (Licensed/Third-Party Data).

2. Client Responsibilities

2.1 Access & Assets. Client will provide timely access to required systems (e.g., CRM/MAP/ad accounts, domains/DNS, numbers), brand assets/guidelines, legal/compliance inputs, and designated approvers.

2.2 Lawful Basis & Lists. Client is responsible for maintaining lawful basis for outreach, honoring suppression/opt-out lists, and providing any mandatory disclosures (see ยง4 and ยง6).

2.3 Task Reviews. Client will review/approve tasks and deliverables inside the platform in a timely manner. Delays or missing prerequisites may extend timelines and/or require additional credits/fees.

3. Fees, Credits & Invoicing

3.0 Payment Summary for Order Forms. For clarity in order form creation and client understanding, fees are structured as follows:

Prepaid (Due on Contract Signing): Platform Subscription fee ($499/month), Growth Manager fee ($1,500/month), one-time setup fee ($5,000), and SDR onboarding fee ($1,000 per SDR, if applicable). These fees are due and payable in advance on the first day when signing the contract.

Month-End Invoiced (After Services Delivered): SDR base compensation and commission (invoiced by SDR on 1st of month for preceding month's services), plus a 5% CIENCE administration and payment-processing fee on SDR compensation (see ยง3.6.10). Client pays after services are delivered, not prepaid. Note: the graph8 marketplace charges no separate marketplace platform fee; the 5% fee described here is a CIENCE managed-service charge covering SDR payment processing and administration only.

Subsequent Months: Platform Subscription and Growth Manager fees are invoiced monthly and due on the monthly renewal date for the next month's service period. SDR fees continue on month-end invoicing schedule per ยง3.6.9.

3.0.1 First Month Cost Examples. Examples of total first-month costs (prepaid fees only; SDR fees invoiced separately at month-end):

Configuration Prepaid Fees (First Month) Notes
Base CIENCE Services $6,999 $499 Platform + $1,500 Growth Manager + $5,000 Setup
+ 1 US SDR $7,999 Base + $1,000 SDR onboarding (SDR fees invoiced month-end)
+ 1 Offshore SDR $7,999 Base + $1,000 SDR onboarding (SDR fees invoiced month-end)
+ 2 US SDRs $8,999 Base + $2,000 SDR onboarding (2 ร— $1,000; SDR fees invoiced month-end)

Note: SDR monthly fees (base + commission + 5% CIENCE administration and payment-processing fee) are invoiced at month-end after services are delivered. See ยง3.6.9.2 for SDR cost examples including commission. graph8 charges no separate marketplace platform fee; the 5% fee is a CIENCE managed-service charge.

3.0.2 Credit Terms. Credits and all credit-related pricing, accrual, consumption, expiration, overage, refunds, and auto top-ups are governed by the Credit Terms published in the graph8 platform (the "Credit Terms"). Client agrees that the Credit Terms (as updated from time to time per the CSA) apply to all credit usage within the Services.

3.0.3 Currency & What's Included. All fees are in USD and due on receipt unless otherwise specified in the Order Form. Fees include:

Platform Subscription ($499/month): Platform access, 75,000 credits/month included, platform infrastructure, basic support

Growth Manager ($1,500/month): Dedicated Growth Manager, campaign management, ongoing optimization, strategic guidance

Setup Fee ($5,000 one-time): Initial campaign setup, GTM system configuration, data integration, onboarding support

SDR Onboarding Fee ($1,000 per SDR, one-time): SDR training, system integration, initial setup per SDR

SDR Monthly Fees (invoiced month-end): Base compensation, commission, plus 5% CIENCE administration and payment-processing fee (not a marketplace platform fee). See ยง3.6 for detailed structure.

3.1 Credits. Services consume credits as displayed in the platform. Credits are consumed on a prepaid basis or as part of Client's monthly subscription. Specialized data, enrichment, and add-ons draw down available credits unless otherwise agreed in writing.

3.2 Credit Mechanics. Credit handling depends on credit type:

Monthly Subscription Credits (75,000/month from Platform Subscription): Unused monthly credits roll over to the next month. Credits accumulate month-to-month if not fully consumed.

Prepaid Credits (e.g., 1M Credit Package): Prepaid credits purchased separately (beyond the monthly subscription) do not expire and remain available until consumed. Prepaid credits are used after monthly subscription credits are exhausted. Prepaid credits are purchased "as-is" and are non-refundable , once purchased, prepaid credits cannot be refunded regardless of usage, cancellation, or contract termination. Prepaid credits remain available for use until fully consumed.

Credit Exhaustion: If all available credits (monthly + prepaid) are exhausted, Services may pause until additional credits are purchased or the next monthly grant is available.

Auto Top-Ups: Client may enable auto top-ups (if offered) per platform settings to automatically purchase additional credits when balance is low.

3.3 Invoices & Terms. Platform Subscription fees, Growth Manager fees, and one-time setup fees are due and payable in advance on the first day when signing the contract. For subsequent monthly billing periods, Platform Subscription and Growth Manager fees are invoiced monthly and due on the monthly renewal date for the next month's service period. SDR fees are not prepaid , SDR compensation (base + commission) follows a separate month-end invoicing schedule per ยง3.6.9, where SDRs submit invoices at month-end for services rendered during that month, and Client pays after services are delivered.

3.3.1 Payment Methods & Billing Contact. Payments may be made via credit card, ACH, wire transfer, or other methods as specified in the Order Form or platform settings. Invoices are delivered via email to the billing contact designated by Client and are also available in the graph8 platform. For billing questions or payment issues, contact [email protected] or initiate a support ticket through the platform.

3.3.2 Late Payment. Past-due balances accrue interest at 1% per month (12% APR). If an invoice remains unpaid for 14 days, graph8 may suspend Client's platform account and related Services,including creation of new SDR engagements or invoice approvals,until payment is received. Services may resume upon payment of all outstanding amounts including accrued interest.

3.4 Recurring Services & Contract Terms. Services operate on a monthly subscription basis. Some clients may opt for an initial 3-month contract term with prepaid amounts as specified in the Order Form. After the initial term (whether monthly or 3-month), the contract automatically renews month-to-month unless the Order Form specifies a different renewal term (e.g., quarterly, yearly). Either party may cancel effective at the end of the then-current term via platform cancellation or written notice per ยง11.2.

3.4.1 Prepaid Multi-Month Contracts. If Client opts for a 3-month (or other multi-month) prepaid contract as specified in the Order Form, all prepaid fees for the entire contract term are due and payable on the first day when signing the contract. Prepaid amounts for multi-month contracts are non-refundable, regardless of when Client cancels, as Client receives Services for the full prepaid term. After the prepaid term expires, the contract automatically renews month-to-month (or as specified in the Order Form) unless either party cancels per ยง11.2.

3.5 Out-of-Pocket & Media Spend. External costs (e.g., ad spend, third-party tools) are pre-approved and billed separately at cost. Unless otherwise agreed in writing, Client is the payer of record on media platforms; Provider does not hold/custody Client media budgets.

3.5.1 Third-Party Tools, Credit Conversion, and Billing

3.5.1.1 Use of Third-Party Services. As part of delivering Services (including but not limited to SDR services, data enrichment, sales outreach, prospecting, or campaign execution), graph8 and its affiliated CIENCE delivery teams may use third-party platforms, tools, or data providers ("Third-Party Tools"). These may include, but are not limited to: (a) contact enrichment services (e.g., Clay, Apollo, MixRank, Clearbit), (b) LLM-powered enrichment or token-based processing, and (c) seat-based tools such as LinkedIn Sales Navigator, HeyReach, or other outreach or data platforms.

3.5.1.2 Client Responsibility for Third-Party Charges. When Third-Party Tools are used on behalf of Client, Client agrees to be responsible for the associated fees. graph8 will pass through these costs to Client as credit-based line items within the graph8 platform.

3.5.1.3 Conversion of Third-Party Costs Into Credits: Enrichment-Based Usage (Variable Costs). For usage-based or consumption-based Third-Party Tools (including LLM token costs, per-lookup enrichment, and variable API calls), fees will be converted into graph8 credits using the following formula:

Credits Charged = (Third-Party Cost ร— 1.3) รท Credit Conversion Rate

graph8 applies a 30% margin to enrichment-based costs to account for processing and delivery overhead.

3.5.1.4 Conversion of Third-Party Costs Into Credits: Seat-Based Tools (Fixed Monthly Costs). For monthly or per-seat Third-Party Tools used on behalf of Client, graph8 will convert the vendor's public list price into credits at the standard Credit Conversion Rate. No margin is added to seat-based tools.

3.5.1.5 Credit Conversion Rate. For the purposes of this Agreement, credits are valued based on Client's current subscription plan. Unless otherwise specified, the standard Credit Conversion Rate is defined as: 1 credit = Total Subscription Fee / Total Monthly Credits Provided. Example (Platform Plan): $499 / 75,000 credits = $0.00665 per credit.

3.5.1.6 Billing and Line-Item Visibility. All Third-Party Tool charges will appear as separate line items in Client's monthly credit ledger and billing statement. Each line item will include: (a) the name of the Third-Party Tool, (b) the underlying USD cost (for transparency), (c) the number of credits deducted, and (d) whether a margin was applied (enrichment only).

3.5.1.7 Credit Deduction Timing. (a) Enrichment usage will be deducted upon completion of enrichment or API processing. (b) Seat-based tools will be deducted on the first day of each month for the upcoming billing period. (c) Additional charges may apply if multiple seats are required for Client operations.

3.5.1.8 Client Authorization. By using graph8 and the associated CIENCE services, Client expressly authorizes graph8 to procure and utilize Third-Party Tools as needed to perform the agreed-upon services and to convert such costs into credits for billing. All converted charges will be governed by the formulas and structure described above.

3.5.1.9 Client Disputes. Clients may request clarification for any Third-Party Tool charge within 10 business days of the billing period. After this period, charges are considered accepted.

3.5.1.10 Changes to Third-Party Rates. Vendor prices for Third-Party Tools may change. graph8 may adjust the credit conversion accordingly without prior notice, provided the adjustment reflects the updated vendor list price or usage cost.

3.6 SDR Compensation Structure. SDRs are an optional add-on service available through the graph8 marketplace as part of CIENCE Services. SDRs may be individual independent contractors or employees of approved Agency Partners (call centers, staffing agencies, etc.). When Client engages SDRs, the following compensation structure applies regardless of SDR type, except as noted in ยง3.6.14 for Agency SDRs. SDRs engaged through CIENCE Services are subject to the Marketplace Terms & Conditions (graph8), except as modified by this Addendum. In case of conflict between this Addendum and Marketplace Terms, this Addendum controls for SDRs engaged as part of CIENCE Services.

3.6.1 Base Compensation. Each SDR earns a monthly base salary determined by their SDR level and location. Base compensation is earned for activity and compliance (performing required activities, logging work, adhering to compliance terms). Base compensation rates are as follows:

SDR Level Offshore Base US Base Core Profile
SDR 1 $1,000/month $2,400/month Scripted Outreach
SDR 2 $1,200/month $2,600/month Independent Producer
SDR 3 $1,400/month $2,800/month Data-Driven Optimizer
SDR 4 $1,600/month $3,000/month Strategy & Coaching

3.6.2 Commission Structure. Each SDR earns commission on a per-held-appointment basis. The commission structure is designed to achieve equilibrium , where the SDR's monthly commission aligns with their base salary under consistent, high-quality performance at defined performance targets.

3.6.2.1 Definition of "Held Appointment". A "held appointment" is a scheduled meeting between the SDR's prospect and Client's designated representative (e.g., sales rep, account executive) that: (a) was scheduled through the graph8 platform or Client's integrated calendar system; (b) occurred at the scheduled time (or was rescheduled and held within the same calendar month); (c) was attended by both parties (or the prospect attended and Client's representative was available); and (d) was not cancelled by the prospect more than 24 hours before the scheduled time. Appointments that are no-shows (prospect fails to attend without cancellation), cancelled by prospect less than 24 hours before scheduled time, or cancelled by Client do not qualify as held appointments. The Growth Manager, in consultation with Client, determines whether an appointment qualifies as "held" based on platform records and calendar confirmations.

3.6.2.2 Commission Calculation Formula. Commission is calculated as: Commission = (Calibrated Rate) ร— (Number of Held Appointments). During the initial 90-day calibration period, commission is calculated using the initial rate (typically $250 per held appointment) until a calibrated rate is established. After calibration, the calibrated rate applies to all held appointments.

3.6.3 Initial Commission Rate. The initial commission rate typically starts at $250 per held appointment. This rate serves as a starting point and is subject to calibration during the first 90 days of engagement. The initial rate applies to all held appointments during the calibration period.

3.6.4 Equilibrium Calibration Period. During the first 90 days of engagement (measured from the SDR's first day of active work on Client's campaigns), the per-appointment commission rate is calibrated collaboratively between Client, Growth Manager, and SDR to identify the "equilibrium rate" , the commission rate that ensures fairness, predictability, and sustainability for both parties.

3.6.4.0 What is Equilibrium? Equilibrium is achieved when the SDR's monthly commission aligns with their base salary under consistent, high-quality performance at defined performance targets. For example, if a US SDR 2 has a base salary of $2,600/month and the performance target is 10 appointments/month, equilibrium would be achieved at a commission rate of $260 per appointment ($260 ร— 10 = $2,600 commission โ‰ˆ $2,600 base). This balanced model ensures:

Fairness: SDRs are compensated appropriately for effort and results, regardless of market difficulty

Predictability: Both Client and SDR can forecast monthly costs and earnings

Sustainability: The compensation structure remains viable long-term for both parties

Market Adaptation: Commission rates adapt to actual market realities , easier markets may have lower rates (more appointments achievable), while difficult markets may have higher rates (fewer appointments achievable) , ensuring SDRs are rewarded equally for effort and quality across different market conditions

The equilibrium rate may be higher or lower than the initial $250 rate depending on real-world outcomes. For example, in an easy market where an SDR can achieve 20 appointments/month, equilibrium might be $130/appointment ($130 ร— 20 = $2,600). In a difficult market where only 5 appointments/month are achievable, equilibrium might be $520/appointment ($520 ร— 5 = $2,600). The calibration period identifies the true equilibrium rate for each specific campaign and market. The goal is to establish a fair and equitable commission structure that benefits both the SDR and Client.

3.6.4.1 Benchmark Data. If Client has existing historical data from previous SDR engagements, internal sales teams, or similar campaigns (e.g., appointment volumes, conversion rates, market difficulty metrics), this data may be used as a benchmark during calibration to accelerate the equilibrium identification process. The Growth Manager will review Client's benchmark data alongside actual performance data from the first 30-60 days to propose an equilibrium rate that reflects both historical patterns and current campaign realities. Use of benchmark data is optional and requires Client to provide such data; if no benchmark data is available, calibration proceeds based solely on actual performance during the 90-day period.

3.6.4.2 Calibration Factors. During calibration, the commission rate is evaluated based on:

Actual appointment volume achieved

Response rates and conversion metrics

Effort required to execute the full SDR workflow (research, outreach, communication quality)

Appointment difficulty and market dynamics

Total achievable appointment volume for the campaign

Client-provided benchmark data (if available)

3.6.4.3 Calibration Process. The Growth Manager initiates calibration review at 30, 60, and 90 days, presenting data and proposed rate adjustments. All parties (Client, Growth Manager, SDR) must mutually agree on any rate change. If parties cannot agree, the rate remains at the last agreed-upon value (or initial $250 rate if no agreement has been reached).

3.6.4.4 Rate Range. The calibrated commission rate may be higher or lower than the initial $250 rate based on market realities. Typical rates range from $50 to $700+ per held appointment, depending on campaign difficulty, conversion rates, and achievable volume. There is no minimum or maximum rate; the rate is determined by what achieves equilibrium (commission โ‰ˆ base salary at target performance).

3.6.4.5 SDR Replacement During Calibration. If an SDR is replaced during the calibration period, the replacement SDR begins a new 90-day calibration period with the initial $250 rate. The previous SDR's calibration data does not transfer to the replacement SDR.

3.6.4.6 Calibration Start Date. The 90-day calibration period begins on the SDR's first day of active work on Client's campaigns, not the contract signing date or onboarding completion date.

3.6.5 Performance Targets. Each campaign defines a realistic appointment target (e.g., 2, 5, 10, or 15 appointments per month) based on market dynamics. Performance targets are set collaboratively by Client, Growth Manager, and SDR during campaign setup and may be adjusted during the calibration period based on actual performance data. An SDR who reaches their defined performance target per campaign would earn monthly commission roughly equal to their base salary, maintaining a balanced compensation model. Performance targets are documented in the platform and may vary by campaign or SDR level.

3.6.6 Post-Calibration Rate. Once equilibrium is established through the calibration period (typically at the 90-day mark, but may be finalized earlier if all parties agree), the commission rate is fixed to maintain consistent monthly outcomes for both parties. During the calibration period, rate adjustments require mutual agreement between Client, Growth Manager, and SDR to ensure transparency, fairness, and shared success. After calibration, Client and SDR may mutually agree at any time to modify the commission rate, commission structure, performance targets, or base salary per ยง3.6.6.1. The calibrated rate may also be adjusted if: (a) campaign parameters significantly change (e.g., new market, different ICP) and all parties (Client, Growth Manager, SDR) mutually agree; or (b) SDR is reassigned to a different campaign with different difficulty parameters.

3.6.6.1 Modification of Compensation Terms. Client and SDR may mutually agree at any time to modify the commission structure (rate, calculation method, performance targets) or base salary. Any such modifications must be agreed upon in writing by both Client and SDR and documented in the engagement contract or through a written amendment. Modifications to base salary or commission structure are matters between Client and SDR; graph8 processes payments according to the terms agreed upon by Client and SDR. The Growth Manager should be notified of any modifications for record-keeping purposes, but Growth Manager approval is not required for Client-SDR mutual agreements to modify compensation terms.

3.6.7 Multiple SDRs. Client may engage multiple SDRs simultaneously. Each SDR has their own base compensation (based on their level and location) and commission rate (calibrated individually). Different SDRs may have different commission rates based on their assigned campaigns, performance, and calibration outcomes. Client may mix US and Offshore SDRs; each is compensated according to their respective base rates and individually calibrated commission rates. The one-time onboarding fee applies to each new SDR engaged.

3.6.8 One-Time Onboarding Fee. A one-time onboarding fee of $1,000 per SDR applies when engaging a new SDR through the marketplace. This fee covers training, system integration, and initial setup. The onboarding fee is due and payable on the first day when signing the SDR engagement contract. If an SDR is replaced, the replacement SDR incurs a new $1,000 onboarding fee.

3.6.9 Payment Schedule & Proration. SDR fees are not prepaid , SDR compensation is invoiced at month-end after services are delivered, separate from the prepaid Platform Subscription, Growth Manager, and setup fees per ยง3.3. SDR compensation follows the payment schedule set forth in the Marketplace Terms & Conditions (graph8): (a) SDR submits invoice on the 1st of each month covering base compensation and earned commission for the preceding month; (b) Client must approve or formally dispute by the 5th; (c) Payment is due by the 10th; (d) SDR payout is released by the 15th. Payment of base compensation is contingent upon Client approval that the SDR performed required activities and adhered to compliance terms. Payment of earned commission is contingent upon the SDR meeting performance targets and delivering held appointments as defined in the engagement.

3.6.9.1 Partial Month Proration. If an SDR starts mid-month, base compensation is prorated based on the number of days worked in that month (base salary รท 30 ร— days worked). Commission is earned only for held appointments that occur during the SDR's active period. If an SDR leaves mid-month, base compensation is prorated for days worked, and commission is earned only for held appointments that occurred before the SDR's last day. If engagement is terminated mid-month per ยง11, Client is responsible for prorated base compensation and commission for held appointments through the effective termination date.

3.6.9.2 Total Cost Examples. Total monthly SDR cost includes base compensation, commission, and a 5% CIENCE administration and payment-processing fee (calculated on base + commission). This fee is not a marketplace platform fee; it is a CIENCE managed-service charge covering SDR payment processing and administration. Examples:

US SDR 2 at target performance (10 appointments/month at $260/appointment): $2,600 base + $2,600 commission + $260 CIENCE admin fee (5%) = $5,460/month

US SDR 2 minimum cost (no appointments): $2,600 base + $130 CIENCE admin fee (5%) = $2,730/month

Offshore SDR 1 at target performance (8 appointments/month at $125/appointment): $1,000 base + $1,000 commission + $100 CIENCE admin fee (5%) = $2,100/month

Offshore SDR 1 minimum cost (no appointments): $1,000 base + $50 CIENCE admin fee (5%) = $1,050/month

3.6.10 CIENCE Administration and Payment-Processing Fee. For SDR engagements under CIENCE Services, graph8 charges Client a 5% CIENCE administration and payment-processing fee on total SDR compensation (base + commission). This fee is a CIENCE managed-service charge and is distinct from any marketplace platform fee (the graph8 marketplace charges no separate marketplace platform fee). The fee is added to the SDR invoice amount. For example, if an SDR invoice totals $3,000 (base + commission), Client pays $3,150 ($3,000 paid to SDR + $150 CIENCE administration and payment-processing fee to graph8). Payment of SDR compensation is processed via Stripe Connect Express, Stripe Cross-Border, or Wise, as applicable based on the SDR's location and payment preferences.

3.6.10.1 No Margin on SDR Payments. CIENCE/graph8 does not make any margin or profit on SDR base compensation or commission payments. The 5% CIENCE administration and payment-processing fee covers payment processing costs (Stripe Connect Express, Stripe Cross-Border, or Wise, as applicable), platform infrastructure, and administrative overhead for facilitating SDR engagements only. SDR compensation (base + commission) is passed through to SDRs at cost. Client pays the SDR compensation plus the administration fee through the graph8 platform; graph8 receives only the 5% CIENCE administration and payment-processing fee. This fee is separate from and in addition to any payment provider processing fees, which are deducted by the payment provider from the SDR's net payout.

3.6.10.2 Client Payment Obligation & Risk Allocation. Client is solely responsible for paying SDRs for services rendered. SDRs are not paid if Client does not pay. graph8 acts solely as a payment processor and platform facilitator , graph8 does not hold any financial risk, guarantee SDR payments, or advance funds to SDRs. Even though SDR payments are processed through graph8's payment provider as a passthrough, Client remains fully accountable for payment obligations to SDRs. If Client fails to pay an SDR invoice, the SDR does not receive payment, and graph8 is not liable for the unpaid amount. Client's payment obligation to SDRs exists independently of graph8's role as payment processor. This risk allocation ensures that Client maintains direct accountability for SDR compensation while graph8 provides payment processing services without assuming financial liability.

3.6.11 Dispute Process. Client disputes regarding base compensation are strictly limited to instances of verifiable failure to perform activities (e.g., absence, failure to log work) or material breach of compliance/acceptable use terms. Disputes regarding commission are addressed through the commission structure and performance targets. Any payment reduction for failure to meet performance targets is applied to earned commission first, never base compensation. Disputes regarding whether an appointment qualifies as "held" are resolved by the Growth Manager based on platform records and calendar confirmations. For full dispute procedures, see the Marketplace Terms & Conditions (graph8).

3.6.12 Reporting & Transparency. Held appointments, commission calculations, and SDR performance metrics are tracked in the graph8 platform and available to Client via platform dashboards per ยง9.1. Client may review appointment records, commission calculations, and SDR activity logs at any time. Commission calculations are included in monthly SDR invoices submitted on the 1st of each month.

3.6.13 Termination & Transition. If engagement is terminated per ยง11, Client is responsible for prorated base compensation and commission for held appointments through the effective termination date. If an SDR is replaced, the replacement SDR incurs a new $1,000 onboarding fee and begins a new 90-day calibration period. Commission earned by the previous SDR for held appointments that occurred before replacement is payable per the normal payment schedule.

3.6.14 Agency SDRs. When SDRs are provided by an approved Agency Partner (call center, staffing agency, or similar organization):

Service Provider: The Agency (not the individual SDR) is the service provider. All fees are invoiced to Client and remitted to the Agency. The Agency is responsible for paying its employees.

Compensation: The Agency determines how to compensate its employees. graph8 pays the Agency the agreed rate; the Agency's internal compensation structure is not visible to Client or graph8. The base compensation rates in ยง3.6.1 represent the rates paid to the Agency, not necessarily the wages the Agency pays its SDRs.

Commission Structure: The equilibrium calibration process (ยง3.6.4) applies to Agency SDR engagements to determine the per-appointment rate paid to the Agency. How the Agency shares or distributes commission internally is at the Agency's sole discretion.

No Direct Hire: Client may NOT directly hire Agency SDRs. This restriction applies during the engagement and for twelve (12) months following termination. See Marketplace Terms & Conditions (graph8) for details.

Replacement: If an Agency SDR needs to be replaced, the Agency will provide a replacement SDR at no additional onboarding cost to Client. The $1,000 onboarding fee (ยง3.6.8) does not apply to Agency-initiated replacements within the same engagement.

Employment & Liability: The Agency is solely responsible for its SDRs' acts, omissions, and all employment-related matters. Neither graph8 nor Client is an employer or co-employer of Agency SDRs.

Agency Agreement: Agencies participating in the marketplace are bound by the Agency Participation Agreement.

4. Social/Platform ToS, Email & Telecom Compliance

4.1 Platform ToS. Social/advertising activities are performed under each platform's Terms of Service (e.g., Meta, LinkedIn, X/Twitter, Google). If Client directs activities outside those rules, such activities are at Client's sole risk. Provider is not responsible for enforcement actions, account suspensions, ad rejections, or takedowns resulting from such activities.

4.2 Email. Client will comply with applicable email regulations (including CAN-SPAM (US) and, where applicable, CASL (Canada) and PECR/ePrivacy (UK/EU)). Client is responsible for sender identity, lawful basis, unsubscribe/opt-out, suppressions, and SPF/DKIM/DMARC authentication/reputation. Provider may assist setup but does not guarantee deliverability.

4.3 Telecom/Messaging, Recording, and AI-Assisted Calling. Client will comply with TCPA, TSR, state analogs, local DNC, A2P 10DLC registration, STIR/SHAKEN, and all call-recording and consent laws (including two-party consent jurisdictions). Client authorizes Provider to provision numbers and register brands and campaigns on Client's behalf, where needed. CIENCE-managed campaigns may use the graph8 dialer, which records, transcribes, and AI-grades calls using automated analysis. Such recording, transcription, and AI grading activities are subject to the graph8 Calling and Recording Terms, Privacy Policy, and Data Processing Agreement, each incorporated herein by reference. Client is responsible for providing any legally required call-recording disclosures to call participants. Infrastructure for calling services is provided by approved subprocessors including Twilio Inc., Telnyx LLC, Deepgram, Inc., Cartesia, Inc., and LiveKit, Inc. (as applicable).

4.4 Opt-Outs & Suppression. Client must maintain and honor opt-out/suppression across channels; Provider will implement platform-level suppression per Client configuration.

5. Performance & Platform-Risk Disclaimer

5.1 Iteration System, Not Guarantees. Provider uses reasonable skill and care and operates an iteration-driven system intended to improve ROI over time. No specific results are guaranteed (including leads, conversions, revenue, inbox placement, social reach, ad approvals, or reinstatement).

5.2 Third-Party Risk. Provider is not responsible for third-party outages, policy changes, enforcement actions, or account approvals.

6. Voice AI "Twins/Clones", Likeness & Recording

6.1 Consent & Rights. Client represents/warrants it has informed, written consent and all necessary rights of publicity/likeness from any individual (e.g., employees) for whom a "twin/clone" voice or persona is created and deployed.

6.2 Biometric/Voice Laws. Where applicable (e.g., IL BIPA, TX CUBI), Client will provide required notices and obtain consents.

6.3 Required Disclosures. Where required by law or policy, Client will provide AI and/or recording disclosures to call/chat participants.

6.4 Prohibitions. No impersonation without consent; no fraudulent or deceptive representations.

7. Ownership, Portability & Licensed/Third-Party Data

7.1 Portability. Upon full payment, Client receives a non-exclusive, worldwide license to use creative, playbooks, reports, and campaign configurations created for Client and may export them for use elsewhere.

7.2 Provider IP. Templates, frameworks, methodologies, software, and the platform are,and remain,Provider IP. No implied rights are granted. (graph8)

7.3 Licensed/Third-Party Data. Specialized datasets or third-party-licensed data are subject to their licensors' terms and may be export-restricted. Client must not resell, sublicense, or export such data beyond permitted use. Where export is restricted, Provider will provide equivalent metadata or audience definitions to preserve campaign portability without violating license terms.

8. Deliverables, Acceptance & Revisions

8.1 In-Platform Delivery. Deliverables (assets, enriched data, reports, configs) are provided via the platform.

8.2 Deemed Acceptance. Unless Client provides a written, specific objection within five (5) business days of availability, a deliverable is deemed accepted.

8.3 Revisions. Revisions beyond what is included in platform workflows consume additional credits or are billed at standard rates.

9. Reporting & Access

9.1 Dashboards. Performance and operational metrics are available via platform dashboards and/or scheduled reports configured by Client.

9.2 Audit Trails. Task histories and change logs are retained per platform policy (see CSA/DPA for retention). (graph8)

10. Agency Authority & Subcontractors

10.1 Authority. Client authorizes Provider to act in Client's systems/accounts as reasonably necessary to deliver the Services, subject to Client policies.

10.2 Subcontractors. Provider may use qualified subcontractors/affiliates and remains responsible for their performance and confidentiality.

11. Term, Cancellation & Offboarding

11.1 Term. Services are provided on a monthly basis aligned to Client's subscription, unless the Order Form specifies an initial multi-month term (e.g., 3-month prepaid contract). After the initial term, the contract automatically renews month-to-month unless the Order Form specifies a different renewal term (e.g., quarterly, yearly).

11.2 Cancellation. Either party may cancel effective at the end of the then-current term (monthly, quarterly, or as specified in the Order Form) via platform cancellation or written notice. Cancellation is effective only at the end of the then-current term, not mid-term.

11.3 For Cause. Either party may terminate immediately for material breach not cured within thirty (30) days of written notice.

11.4 Effect. Client is responsible for credits consumed and fees incurred through the effective date. Provider will keep in-progress work and export tools available for thirty (30) days post-termination to support offboarding; additional offboarding assistance may be billed.

11.5 Refund Policy for Prepaid Fees. Prepaid fees (Platform Subscription, Growth Manager, setup fee, SDR onboarding fee, any multi-month prepaid contract amounts, and prepaid credits) are non-refundable. Since cancellation is effective only at the end of the then-current term per ยง11.2, Client has received Services for the full term and no refund applies. This includes: (a) monthly prepaid fees , no refund since Client receives Services for the full month; (b) multi-month prepaid contracts (e.g., 3-month prepaid) , no refund regardless of when Client cancels, as Client receives Services for the full prepaid term; (c) prepaid credits , prepaid credits are purchased "as-is" and are non-refundable regardless of usage, cancellation, or contract termination. Prepaid credits remain available for use until fully consumed and do not expire per ยง3.2. Exceptions: (a) if Provider terminates for convenience (not for Client breach), Client will receive a prorated refund of prepaid Platform Subscription and Growth Manager fees for the unused portion of the then-current term, but setup fees, SDR onboarding fees, multi-month prepaid contract amounts, and prepaid credits remain non-refundable; (b) if Client terminates due to Provider's material breach per ยง11.3, Client will receive a prorated refund of prepaid Platform Subscription and Growth Manager fees for the unused portion of the then-current term, but setup fees, SDR onboarding fees, multi-month prepaid contract amounts, and prepaid credits remain non-refundable. SDR fees (base + commission) are invoiced at month-end after services are delivered and are not subject to refund except for disputed amounts resolved in Client's favor per ยง3.6.11.

12. Confidentiality, Data Protection & Security

12.1 Incorporation by Reference. Confidentiality, privacy, data protection, and security obligations are governed by the CSA (and any DPA), which are incorporated here by reference. (graph8)

12.2 System of Record. Provider will support flows to Client's system of record as configured; data classification and retention policies follow the CSA/DPA. (graph8)

13. Warranties; Disclaimer

13.1 Standard of Care. Provider will perform the Services with reasonable skill and care consistent with industry standards.

13.2 Disclaimer. Except as expressly stated in these Services Terms and the CSA, the Services are provided "as is." Provider disclaims all other warranties (including implied warranties of merchantability, fitness for a particular purpose, and non-infringement). No outcomes are guaranteed. (graph8)

14. Indemnification; Limitation of Liability

14.1 Client Indemnity. Client will defend and indemnify Provider against claims arising from: (a) Client data, content, or instructions; (b) Client's violation of law, platform ToS, or third-party terms; or (c) lack of consents/rights for voice "twins/clones," call recording, or outreach.

14.2 Liability Cap & Exclusions. The CSA's limitation of liability applies to the Services. For clarity, Provider's aggregate liability arising from the Services will not exceed the fees paid by Client for the Services in the twelve (12) months preceding the claim, and neither party is liable for indirect, incidental, special, consequential, or punitive damages. (graph8)

15. Miscellaneous

15.1 No SOW Requirement. The platform task system replaces traditional SOWs; task-level scopes, approvals, and history are binding records of work.

15.2 Order of Precedence. CSA โ†’ DPA โ†’ these Services Terms โ†’ Order Forms/platform plans. If an Order Form expressly modifies a Services clause, that Order Form controls for that clause.

15.3 Updates. Provider may update these Services Terms as permitted by the CSA. Material changes will be communicated via the platform or email. (graph8)

By using the Services, Client agrees to these Services Terms and the CSA.

2.3.0

Talent Participation Agreement

Last UpdatedJune 6, 2026 Effective DateJune 6, 2026
Table of Contents
1. Key Terms2. Platform Access and Independent-Contractor Status3. Onboarding and Contracts4. Monthly Billing (Commission and Payment)5. Deliverables and Quality6. Confidentiality and Intellectual Property7. Direct-Hire Flexibility (Individual Talent)8. Acceptable Use & Platform Integrity9. Disclaimers and Liability10. Updates to These Terms11. Call Recording, Transcription, and AI Quality Analysis12. Automated Talent-Match Scoring13. Tax Forms and Reporting14. Governing Law and Disputes

By signing up as individual independent contractor Talent on the graph8 talent marketplace, you agree to these terms. "Talent" includes Sales Development Representatives (SDRs), Account Executives (AEs), GTM Engineers, Customer Success Managers (CSMs), and similar go-to-market roles offered through the marketplace. They are designed to protect you, the Client, and graph8 while keeping the process fast and flexible. If you are an employee of an Agency Partner (call center, staffing agency, etc.), your Agency's participation agreement governs your engagement, and you should not sign this individual agreement. See the Agency Participation Agreement for details. If you are engaged by a Client as part of CIENCE Services, the CIENCE Services Addendum (graph8) contains additional terms specific to CIENCE Services, including detailed commission structure, equilibrium calibration, and benchmark data usage. In case of conflict between this Agreement and the CIENCE Services Addendum, the CIENCE Services Addendum controls for Talent engaged as part of CIENCE Services.

1. Key Terms

Term Meaning
Talent You, the individual independent contractor providing go-to-market services (for example SDR, AE, GTM Engineer, or CSM). (Agency Talent are governed by the Agency Participation Agreement.)
Client Any business that hires you through graph8.
graph8 Marketplace operator, platform provider, and processor of marketplace payments and payouts.
Payment Providers Stripe (Stripe Connect Express and Stripe Cross-Border) and Wise, the third-party services graph8 uses to verify your identity and tax information and disburse your payouts. Contracts are generated and e-signed inside the graph8 app.

2. Platform Access and Independent-Contractor Status

You act solely as an independent contractor, not an employee of graph8 or the client.

You control your own schedule, methods, and tools,subject to meeting the client's agreed deliverables.

graph8 does not withhold taxes or provide employee benefits; you are responsible for all required filings and payments in your jurisdiction.

3. Onboarding and Contracts

For each engagement, graph8 generates a contract inside the graph8 app with your rate, scope, and payment cycle, and notifies you to review it on a dedicated contract page. You and the Client both have permanent visibility of the contract on that page.

Before your first payout, you must complete the payout onboarding flow for your assigned track. For Stripe Connect Express that means a verification flow in Stripe's hosted dashboard (identity, business info, bank account). For Wise that means providing recipient information graph8 uses to send funds. You are responsible for the accuracy of any tax and identity information you submit.

Work begins only after you e-sign the contract inside the graph8 app. Your acceptance is captured with a timestamp, IP address, and signature record, and a signed PDF copy is made available to both parties.

4. Monthly Billing (Commission and Payment)

Rate Setting. You and the Client negotiate and agree upon rates directly. graph8 may publish suggested rate cards or recommended ranges for reference only. The final rate is determined solely by the agreement between you and the Client. You and the Client may agree to any combination of base compensation, per meeting compensation, commission, performance bonuses, or other structures.

Service Statement. On the first calendar day of each month you will submit, through the graph8 platform, a single Service Statement covering the immediately preceding month. The Service Statement is itemized: it lists your agreed base compensation as a line item, one line item per recognized meeting (if your contract includes per meeting compensation), and any additional line items you add manually (for example a commission claim referencing a closed deal, a performance bonus, or a reimbursable expense). The Service Statement total is computed automatically from the line items.

Client Approval. The Client must approve or formally dispute the Service Statement no later than the 5th of that month. Approval is recorded inside the graph8 platform. If the Client takes no action, the Service Statement is deemed approved on the 5th.

Invoice and Payment. Upon approval the Service Statement is locked, and graph8 issues a single invoice to the Client for the Service Statement total. The Client is obligated to remit payment via the graph8 hosted Stripe Checkout on or before the 10th of the month. Once funds clear, graph8 releases your payout through your assigned payout track on or before the 15th of the same month.

Payment Contingency. Payment of Base Compensation is contingent upon the Client confirming, through approval of the Service Statement, that you performed the required activities and adhered to all compliance terms during the month. Payment of earned Commission is contingent upon meeting the contractual KPIs for the preceding month and the Commission line items being approved by the Client on the Service Statement.

Modification of Compensation Terms. You and the Client may mutually agree at any time to modify the commission structure (rate, calculation method, KPIs) or base salary. Any such modifications must be agreed in writing through a contract amendment inside graph8. graph8 processes payments according to the terms in the active contract and the approved Service Statement.

Late or Withheld Payments. Late Client payments may delay your payout. graph8 will not pursue collection and is not financially liable for the Client's failure to pay. You will handle all payment disputes directly with the Client. Any payment reduction for failure to meet KPIs is applied to earned Commission first. Any withholding of Base Compensation must be clearly documented by the Client through a formal dispute on the Service Statement as a failure to perform activities or a breach of the Acceptable Use terms.

No Platform Fee. graph8 does not charge a marketplace or platform fee. The Client pays the approved Service Statement total, and graph8 retains no margin on your compensation. The payment provider for your assigned payout track (Stripe or Wise) deducts its processing fee from the transaction, and you receive the net balance. graph8 passes these processing fees through and does not absorb them.

5. Deliverables and Quality

Provide accurate activity logs (e.g., calls made, emails sent) if the client requests them.

Maintain professional conduct: no spam, misrepresentation, or discriminatory practices.

Comply with all applicable laws (CAN-SPAM, GDPR, local telemarketing rules).

Non-Performance and Base Compensation: You must maintain professional conduct (no spam, misrepresentation) and comply with all applicable laws (CAN-SPAM, GDPR, local telemarketing rules). Client disputes leading to non-payment of Base Compensation are strictly limited to instances of verifiable failure to perform activities (e.g., absence, failure to log work) or a material breach of compliance/acceptable use terms.

If a client raises a performance dispute, graph8 may request supporting evidence (call recordings, email logs) and mediate. Disputes regarding conversion rates or failure to meet KPIs are primarily addressed through the commission structure, not the Base Compensation.

6. Confidentiality and Intellectual Property

Treat all client and prospect data as confidential; use it only for the engagement.

Upon full payment, all work product belongs to the client,including call notes, email drafts, target lists, and related materials.

Delete or return client data within 14 days of engagement end unless legally required to keep records.

7. Direct-Hire Flexibility (Individual Talent)

As individual independent contractor Talent, a Client may hire you off-platform at any time after all outstanding invoices are settled.

If hired off-platform, promptly mark the engagement as closed in graph8 so platform metrics stay accurate.

Note: This direct-hire option applies only to individual independent contractor Talent. Talent who are employees of Agency Partners are not eligible for direct hire by Clients. See the Marketplace Terms & Conditions for details.

8. Acceptable Use & Platform Integrity

Do not share your graph8 account credentials or your payout provider login (Stripe Express dashboard or Wise account).

Follow all applicable laws (CAN-SPAM, GDPR, local telemarketing rules).

graph8 may suspend or terminate your account for fraud, harassment, or repeated client complaints.

9. Disclaimers and Liability

The platform is provided "as-is." graph8 makes no guarantee of client demand or income.

graph8's total liability to you is capped at the lesser of (a) $500 or (b) the graph8 fees collected on your engagements in the 90 days before a claim.

You agree to indemnify graph8 against claims arising from your unlawful conduct or breach of these terms.

10. Updates to These Terms

graph8 may modify this agreement at any time. Material changes will be posted on the platform; continued use after the "last updated" date constitutes acceptance.

11. Call Recording, Transcription, and AI Quality Analysis

Dialer Use. If you use the graph8 dialer to make calls on behalf of a Client, your calls will be recorded and transcribed automatically as part of the platform's standard operation. By accepting an engagement that involves use of the graph8 dialer, you consent to recording and transcription of all calls made through that dialer, and to automated AI analysis of those calls for quality-assurance purposes, including scoring call quality, script adherence, and compliance.

Purpose and Access. Recordings, transcripts, and AI-generated scores are used to operate and improve the platform, support quality assurance, and provide Clients with performance data for the engagement. Clients may access recordings and transcripts for your calls conducted on their behalf. graph8 handles this data in accordance with the graph8 Privacy Policy and the applicable Data Processing Agreement.

Calling and Recording Terms. Your use of the dialer is also governed by the graph8 Calling and Recording Terms, which contain additional obligations regarding two-party consent jurisdictions, required disclosures to call recipients, and telecom compliance. You are responsible for complying with all applicable call-recording and consent laws in every jurisdiction where you make or receive calls.

12. Automated Talent-Match Scoring

How It Works. The graph8 marketplace uses automated tools to score and rank Talent profiles when Clients search for candidates. These tools analyze information you provide in your profile (such as your work history, stated skills, role type, location, and engagement track record) to generate a relevance score that helps Clients evaluate whether your profile is a good match for their engagement.

Decision Support Only. Automated scoring is decision-support only. graph8 does not make hiring decisions on behalf of Clients. The score influences how prominently your profile appears in search results, but Clients review profiles and make all final hiring decisions themselves.

Your Rights. You may contact graph8 at [email protected] to request information about how the automated scoring applies to your profile, to request human review of any automated output you believe has materially affected your access to engagements, or to correct inaccurate profile data. Where you are located in a jurisdiction with laws governing automated employment-decision tools (for example New York City Local Law 144 or equivalent, or GDPR Article 22 in the EU or EEA), graph8 will comply with applicable notice, audit, and access-request obligations.

13. Tax Forms and Reporting

US-Based Talent. If you are a US person for tax purposes, you must complete IRS Form W-9 as part of payout onboarding. If your cumulative earnings through the platform in a calendar year meet or exceed the applicable IRS reporting threshold, graph8 or the applicable payment provider will issue IRS Form 1099-NEC (or the applicable form) to you and file a copy with the IRS. You are responsible for reporting all income from your engagements.

Non-US Talent. If you are a non-US person for tax purposes, you must complete the applicable IRS Form W-8 (for example W-8BEN) as part of payout onboarding to certify your foreign status and claim any applicable treaty benefits. US withholding tax may apply unless a valid treaty exemption is claimed. You are responsible for complying with all tax obligations in your country of residence.

Accuracy. You are solely responsible for the accuracy of the tax information you provide. Providing false or inaccurate tax information may result in backup withholding, penalties, and suspension of your account. You must promptly update your tax information if it changes.

14. Governing Law and Disputes

Governing Law. These terms and any dispute arising out of or relating to them or your participation in the graph8 marketplace are governed by the laws of the State of Florida, without regard to conflict-of-law principles.

Informal Resolution. Before initiating any formal proceeding, you and graph8 agree to attempt in good faith to resolve any dispute through direct negotiation for at least 30 calendar days after written notice of the dispute.

Binding Arbitration. If a dispute is not resolved through negotiation, it will be resolved by binding individual arbitration, not in court. You waive any right to participate in a class action, class arbitration, or representative proceeding. Arbitration will be conducted under the rules of a recognized arbitration body designated by graph8 at the time of the dispute.

Exceptions. Nothing in this section prevents either party from seeking emergency injunctive or other equitable relief from a court of competent jurisdiction where necessary to prevent irreparable harm.

2.3.0

Agency Participation Agreement

Last UpdatedJune 6, 2026 Effective DateJune 6, 2026
Table of Contents
1. Key Terms2. Eligibility and Onboarding3. Service Delivery4. Employment and Compliance5. Fees and Payment6. Non-Solicitation of Agency Talent7. Confidentiality and Intellectual Property8. Data Protection9. Liability and Indemnification10. Acceptable Use and Platform Integrity11. Term and Termination12. Client Engagement Termination (Separate from Agency-graph8 Agreement)13. Updates to These Terms14. Automated Talent-Match Scoring15. Tax Documentation16. Governing Law and Disputes

By signing up as an Agency Partner (call center, staffing agency, or similar organization) on the graph8 talent marketplace, you agree to these terms. They govern how your organization and your employed talent participate in the marketplace. "Agency Talent" includes Sales Development Representatives (SDRs), Account Executives (AEs), GTM Engineers, Customer Success Managers (CSMs), and similar go-to-market roles your Agency offers through the marketplace. This agreement is for business entities that employ talent. If you are an individual independent contractor, please refer to the Talent Participation Agreement instead.

1. Key Terms

Term Meaning
Agency You, the business entity (call center, staffing agency, or similar organization) that employs talent and offers their services through the graph8 marketplace.
Agency Talent An individual who performs go-to-market services (for example SDR, AE, GTM Engineer, or CSM) on behalf of the Agency and is an employee or contractor of the Agency (not an independent contractor on the marketplace).
Client Any business that engages your Agency Talent through graph8.
graph8 Marketplace operator, platform provider, and processor of marketplace payments and payouts.
Payment Providers Stripe (Stripe Connect Express and Stripe Cross-Border) and Wise, the third-party services graph8 uses to verify KYC/tax information and disburse payouts to your Agency. Contracts are generated and e-signed inside the graph8 app.

2. Eligibility and Onboarding

Business Entity Requirement: Agency must be a legally registered business entity (corporation, LLC, partnership, or equivalent in your jurisdiction).

Application Process: Agency must complete the graph8 Agency Partner application, including providing business registration documents, tax identification, and proof of insurance where applicable.

Vetting: graph8 reserves the right to approve or reject Agency applications based on business history, references, and compliance with applicable laws.

Adding Talent: Once approved, Agency may add its employed talent to the platform. Each member of your Agency Talent must have a profile on graph8 linked to the Agency account.

KYC/Tax Compliance: Agency must complete graph8's required KYC and tax verification process before receiving any payments.

3. Service Delivery

Service Provider: When a Client engages a member of your Agency Talent, the Agency (not the individual) is the service provider. All contractual obligations for service delivery rest with the Agency.

Talent Quality: Agency warrants that each member of its Agency Talent is properly vetted, trained, and authorized to perform go-to-market services.

Supervision: Agency is solely responsible for supervising and managing its Agency Talent. graph8 and Clients have no supervisory role over Agency Talent.

Replacement: If a member of its Agency Talent becomes unavailable or is underperforming, Agency will promptly provide a replacement upon Client or graph8 request at no additional cost to the Client.

Activity Logging: Agency Talent must maintain accurate activity logs (calls made, emails sent, etc.) as required by the Client and graph8 platform.

4. Employment and Compliance

Sole Employer: Agency is the sole employer (or engaging entity) of each member of its Agency Talent. Neither graph8 nor any Client is an employer, joint employer, or co-employer of Agency Talent.

Compensation: Agency is solely responsible for compensating its Agency Talent, including wages, bonuses, benefits, and any other employment-related payments. graph8 pays the Agency; the Agency pays its talent.

Internal Compensation Structure: Agency determines its own internal compensation structure for its talent. The rates paid by Clients to the Agency through graph8 are separate from and independent of the wages Agency pays its employees.

Labor Law Compliance: Agency shall comply with all applicable labor, employment, tax, and benefits laws in all jurisdictions where its Agency Talent are located or perform work.

No Employment Liability: Agency shall indemnify graph8 and Clients against any claims alleging joint employment, misclassification, or employment-related liability arising from Agency Talent.

5. Fees and Payment

Rate Setting: Agency and Client negotiate and agree upon rates directly. graph8 may publish suggested rate cards or recommended rate ranges for reference purposes only,these are guidelines, not mandatory pricing. The final rate is determined solely by the agreement between Agency and Client.

Rate Flexibility: Agency and Client may agree to any rate structure that works for both parties, including base compensation, commission, performance bonuses, or any combination thereof. Rate agreements are a matter between Agency and Client; graph8 processes payments according to the terms Agency and Client agree upon.

No Platform Fee: graph8 does not charge a marketplace or platform fee on Agency Talent engagements. The Client pays the approved engagement amount, and graph8 retains no margin on the Agency's compensation. The payment provider for the assigned payout track (Stripe or Wise) deducts its processing fee from the transaction, and the Agency receives the net balance. graph8 passes these processing fees through and does not absorb them.

Monthly Billing: On the first calendar day of each month, the Agency will submit a single invoice through the graph8 platform covering services for the immediately preceding month. The Client must approve or formally dispute the invoice no later than the 5th of that month; lack of action is deemed approval. The Client is then obligated to remit payment on or before the 10th of the month. Once funds clear, graph8's designated payment provider will release the corresponding payout to the Agency no later than the 15th of the same month.

Payment Contingency: Payment is contingent upon Client approval that Agency Talent performed the required activities and adhered to all compliance terms during the month.

Late Payments: Late client payments may delay Agency payout. graph8 will not pursue collection and is not financially liable for the Client's failure to pay. Agency will handle payment disputes directly with the Client, with graph8 providing mediation support as appropriate.

6. Non-Solicitation of Agency Talent

Client Restriction: graph8's Marketplace Terms & Conditions (graph8) prohibit Clients from directly hiring, soliciting, recruiting, or contracting with Agency Talent outside the platform.

Restriction Period: This non-solicitation restriction applies during any engagement and for a period of twelve (12) months following the termination of such engagement.

Enforcement: Agency may enforce this restriction directly against Clients who violate it. Agency may seek liquidated damages or other remedies as provided by applicable law.

Distinction from Individual Talent: This restriction does NOT apply to individual independent contractor Talent on the marketplace, who may be hired directly by Clients at any time per the Talent Participation Agreement.

7. Confidentiality and Intellectual Property

Confidentiality: Agency and its Agency Talent shall treat all Client and prospect data as confidential and use it only for the engagement.

Work Product: Upon full payment, all work product created by Agency Talent belongs to the Client, including call notes, email drafts, target lists, and related materials.

Data Return/Deletion: Agency shall ensure that Agency Talent delete or return Client data within 14 days of engagement end unless legally required to keep records.

Agency Responsibility: Agency is responsible for ensuring its Agency Talent comply with confidentiality and IP obligations. Agency shall include appropriate confidentiality provisions in its employment agreements with Agency Talent.

8. Data Protection

Agency Responsibility: Agency is responsible for ensuring its own compliance with applicable data protection laws (GDPR, CCPA, etc.) with respect to its Agency Talent and any personal data they process.

Client Data: When Agency Talent access Client prospect data, Agency acts as a service provider to the Client. Agency shall implement appropriate technical and organizational measures to protect such data.

graph8's Role: graph8 processes Agency and Agency Talent data as described in the graph8 Privacy Policy (graph8). Agency Talent's access to Client data is governed by the Client's engagement with the Agency through graph8.

Employee Consent: Agency warrants that it has obtained all necessary consents from its Agency Talent for graph8 to process their personal data as required for marketplace participation.

9. Liability and Indemnification

Agency Indemnity: Agency shall defend, indemnify, and hold harmless graph8 and its Clients from any claims arising out of:

Agency Talent misconduct, negligence, or breach of confidentiality

Employment-related claims (wages, benefits, discrimination, wrongful termination, etc.)

Agency's breach of this Agreement

Any claim that graph8 or a Client is a joint employer or co-employer of Agency Talent

Liability Cap: graph8's total liability to Agency is capped at the lesser of (a) $500 or (b) the graph8 fees collected on Agency's engagements in the 90 days before a claim.

No Guarantees: The platform is provided "as-is." graph8 makes no guarantee of Client demand or income for Agency or its talent.

10. Acceptable Use and Platform Integrity

Agency shall ensure its Agency Talent do not share graph8 account or payment provider credentials.

Agency and its Agency Talent must follow all applicable laws (CAN-SPAM, GDPR, TCPA, local telemarketing rules).

Agency shall maintain professional conduct standards for its talent: no spam, misrepresentation, or discriminatory practices.

graph8 may suspend or terminate Agency's account for fraud, harassment, repeated Client complaints, or breach of these terms.

11. Term and Termination

Agency-graph8 Agreement Term: This Agreement between Agency and graph8 begins when Agency completes the onboarding process and continues until terminated by either party.

Agency-graph8 Termination for Convenience: Either Agency or graph8 may terminate this Agreement upon thirty (30) days written notice.

Agency-graph8 Termination for Cause: Either party may terminate immediately if the other party materially breaches this Agreement and fails to cure within fifteen (15) days of written notice.

Effect of Agency-graph8 Termination: Upon termination of this Agreement:

Agency shall complete any in-progress Client engagements or arrange for orderly transition

Agency remains entitled to payment for services rendered through the termination date

Confidentiality, indemnification, and non-solicitation obligations survive termination

12. Client Engagement Termination (Separate from Agency-graph8 Agreement)

Independent of Agency Agreement: Each Client engagement with a member of your Agency Talent is separate from and independent of this Agency-graph8 Agreement. A Client may terminate that engagement without affecting the Agency's overall participation in the graph8 marketplace.

End-of-Month Termination: Either Client or Agency may terminate a specific Agency Talent engagement effective at the end of the current monthly billing period. Termination notice should be provided through the graph8 platform.

No Mid-Month Termination: Client engagements follow the standard monthly billing cycle. Termination is effective at month-end, not mid-month, unless both Client and Agency mutually agree otherwise.

Payment for Services Rendered: Upon termination of a Client engagement, Client remains responsible for payment of all services rendered through the end of the monthly billing period.

Non-Solicitation Survives: The 12-month non-solicitation restriction on Agency Talent continues to apply after a Client engagement terminates.

Multiple Engagements: Agency may have multiple Client engagements simultaneously. Termination of one Client engagement does not affect other Client engagements or the Agency's participation in the marketplace.

13. Updates to These Terms

graph8 may modify this agreement at any time. Material changes will be posted on the platform and notified via email to Agency's registered contact. Continued participation in the marketplace after the "last updated" date constitutes acceptance. If Agency does not agree to the updated terms, Agency may terminate this Agreement per Section 11.

14. Automated Talent-Match Scoring

Profile Scoring. The graph8 marketplace uses automated tools to score and rank Agency Talent profiles when Clients search for candidates. These tools analyze profile information (including role type, stated skills, location, and platform track record) to generate a relevance score that affects how prominently a profile appears in search results. Scoring is decision-support only; Clients make all final hiring decisions.

Agency Rights. Agency may contact [email protected] to request information about how automated scoring applies to its Agency Talent profiles, to correct inaccurate profile data, or to request human review of any automated output it believes has materially affected its ability to obtain engagements. Where applicable law grants Agency Talent rights regarding automated employment-decision tools (including New York City Local Law 144 or equivalent), Agency is responsible for informing its Agency Talent of those rights, and graph8 will cooperate with valid access or audit requests.

15. Tax Documentation

Before receiving any payout, Agency must submit the applicable tax documentation: for US entities, IRS Form W-9; for non-US entities, the applicable IRS Form W-8 series form (for example W-8BEN-E). Agency is solely responsible for calculating, reporting, and paying all applicable taxes on amounts received through the marketplace, including income taxes, VAT, GST, payroll taxes, and employer contributions for its Agency Talent. graph8 does not withhold taxes on Agency payments except as required by applicable law. Agency is responsible for all tax filings and payments to its own Agency Talent and to the applicable tax authorities.

16. Governing Law and Disputes

Governing Law. These terms and any dispute arising out of or relating to them or your Agency's participation in the graph8 marketplace are governed by the laws of the State of Florida, without regard to conflict-of-law principles.

Informal Resolution. Before initiating any formal proceeding, you and graph8 agree to attempt in good faith to resolve any dispute through direct negotiation for at least 30 calendar days after written notice of the dispute.

Binding Arbitration. If a dispute is not resolved through negotiation, it will be resolved by binding individual arbitration. Arbitration will be conducted under the rules of a recognized arbitration body designated by graph8 at the time of the dispute. Claims may not be arbitrated on a class or representative basis.

Exceptions. Nothing in this section prevents either party from seeking emergency injunctive or other equitable relief from a court of competent jurisdiction where necessary to prevent irreparable harm.

2.3.0

Marketplace Terms & Conditions

Last UpdatedJune 6, 2026 Effective DateJune 6, 2026
Table of Contents
1. Service Description and Consent2. Participants and Responsibilities3. Fees and Payment4. Client Rights and Responsibilities5. Agency-Provided Talent6. Privacy and Data Handling7. Legal Considerations8. Worker Classification and graph8's Role9. Automated Talent-Match Scoring

By accessing or using the graph8 talent marketplace, you agree to these terms. Please read them carefully before hiring or paying Talent through our platform. "Talent" means the go-to-market professionals offered through the marketplace, including Sales Development Representatives (SDRs), Account Executives (AEs), GTM Engineers, Customer Success Managers (CSMs), and similar roles. The marketplace includes both individual independent contractor Talent and Agency-provided Talent (employees of approved Agency Partners such as call centers and staffing agencies). If you are engaging Talent as part of CIENCE Services, the CIENCE Services Addendum (graph8) contains additional terms specific to CIENCE Services, including detailed compensation structure and commission calculation methodology. In case of conflict between this Agreement and the CIENCE Services Addendum, the CIENCE Services Addendum controls for Talent engaged as part of CIENCE Services.

1. Service Description and Consent

Purpose: graph8 provides a digital marketplace that connects businesses ("Clients") with independent go-to-market professionals ("Talent", including SDRs, AEs, GTM Engineers, and CSMs) and handles payments via approved payment processors.

Consent: When you create an account and begin an engagement, you agree to contract and transact with Talent through graph8 and its payment providers.

Flexibility: You may move Talent off-platform at any time once all open invoices are paid.

2. Participants and Responsibilities

Participant Core Responsibilities
Client Define Talent scope and KPIs, provide tools and access, approve Service Statements, own resulting IP.
Talent (Independent Contractor) Perform agreed go-to-market tasks, track work, submit Service Statements via our assigned payments provider. May be hired directly by Client.
Agency Partner Call center, staffing agency, or similar organization that employs talent and offers their services through the marketplace. Agency is the service provider; Agency Talent are employees of the Agency and cannot be hired directly by Client.
graph8 Run the marketplace, generate and e-sign contracts inside the graph8 app, process client payments, route Talent payouts through the assigned track (Stripe Connect Express, Stripe Cross-Border, or Wise), maintain dashboards, supply support.

3. Fees and Payment

No Platform Fee: graph8 does not charge a marketplace or platform fee. The Client pays the approved Service Statement total, and graph8 makes no margin or profit on Talent base compensation or commission payments. Talent compensation is passed through at cost. Payment-processing fees charged by the payment provider (Stripe or Wise) are deducted from each transaction before payout, and the Talent receives the net balance. graph8 passes these processing fees through and does not absorb them.

Currency & Timing: All charges are in USD and due on receipt unless otherwise noted.

Late Payments: graph8 does not charge interest or late fees on unpaid balances. Payment for services is owed by the Client directly to the Talent; graph8 only facilitates the transaction and is not a party to that payment obligation. Any late-payment terms, such as interest on past-due amounts, are for the Client and Talent to agree between themselves and to record in their engagement contract or Service Statement, outside of graph8. If a Service Statement remains unpaid, the Talent may pause work at their discretion, and graph8 may pause related marketplace services (such as new engagements or Service Statement approvals) until the matter is resolved between the Client and the Talent.

Monthly Billing (Commission and Payment): On the first calendar day of each month the Talent will submit, through the graph8 platform, a single itemized Service Statement covering (i) the agreed base compensation, (ii) any per meeting compensation, and (iii) any earned commission or other agreed line items for the immediately preceding month. The Client must approve or formally dispute the Service Statement no later than the 5th of that month. A formal dispute must be raised in the platform if the Talent fails to perform required activities (e.g., absence, failure to log work) or breaches compliance/acceptable use terms. Lack of action is deemed approval. The Client is then obligated to remit payment of the Service Statement total on or before the 10th of the month. Once those funds clear, graph8 will release the corresponding payout to the Talent through their assigned payout track no later than the 15th of the same month, in accordance with the contingent-payment provisions of this Agreement.

Payment Contingency: Payment of Base Compensation is contingent upon Client approval that the Talent performed the required activities and adhered to all compliance terms during the month. Payment of earned Commission is contingent upon meeting the contractual KPIs for the preceding month. The commission structure (rate, calculation method, and KPIs) is defined in the engagement contract between Client and Talent, which may vary by engagement. For Talent engaged as part of CIENCE Services, see the CIENCE Services Addendum for detailed commission structure.

Modification of Compensation Terms: Client and Talent may mutually agree at any time to modify the commission structure (rate, calculation method, KPIs) or base salary. Any such modifications must be agreed upon in writing by both parties and documented in the engagement contract or through a written amendment. Modifications to base salary or commission structure are matters between Client and Talent; graph8 processes payments according to the terms agreed upon by Client and Talent.

Performance and Non-Payment: The Client is liable for payment only for services rendered as defined in the engagement contract. Client disputes leading to non-payment of Base Compensation are strictly limited to instances of verifiable failure to perform activities (e.g., absence, failure to log work) or a material breach of compliance/acceptable use terms. Disputes regarding conversion rates or failure to meet KPIs are primarily addressed through the commission structure (as defined in the engagement contract), not the Base Compensation. Any payment reduction for failure to meet KPIs will be applied to the earned commission first. If a Service Statement is formally disputed due to Talent failure to perform activities or breach of compliance terms, the Client shall not be obligated to pay the disputed amount to graph8's payment provider, and the Talent's resulting non-payment is solely a matter between the Client and the Talent. graph8's role is limited to processing the undisputed amount and mediating the dispute.

Client Payment Obligation & Risk Allocation: Client is solely responsible for paying Talent for services rendered. Talent are not paid if Client does not pay. graph8 acts solely as a payment processor and platform facilitator. graph8 does not hold any financial risk, guarantee Talent payments, or advance funds to Talent. Even though Talent payments are processed through graph8's payment provider as a passthrough, Client remains fully accountable for payment obligations to Talent. If Client fails to pay a Talent Service Statement, the Talent does not receive payment, and graph8 is not liable for the unpaid amount. Client's payment obligation to Talent exists independently of graph8's role as payment processor.

Example: On a $2,000 Talent Service Statement, the Client pays $2,000. The payment provider deducts its processing fee from the transaction, and the Talent receives the net balance. graph8 charges no platform fee.

4. Client Rights and Responsibilities

Direct Hire Option (Individual Talent Only): You may employ or pay individual independent contractor Talent outside graph8 at any point after settling outstanding invoices. This option does NOT apply to Agency Talent. See the "Agency-Provided Talent" section below.

Acceptable Use: Do not request or permit unlawful, unethical, or discriminatory activities.

Support: For assistance, email [email protected] or initiate a chat from within the graph8 platform.

5. Agency-Provided Talent

Agency Talent: Some Talent on the marketplace are employees of approved Agency Partners (call centers, staffing agencies, or similar organizations). These individuals are identified as "Agency Talent" in the platform and are marked with an Agency badge.

Service Provider: When engaging Agency Talent, the Agency (not the individual) is the service provider. All fees are invoiced by graph8 and remitted to the Agency. The Agency is responsible for paying its employees.

No Direct Hire: Client may NOT directly hire, solicit, recruit, or contract with Agency Talent outside the platform. This restriction applies during the engagement and for twelve (12) months following termination of the engagement.

Employment Relationship: Agency Talent are employees of their respective Agencies. Neither graph8 nor Client is the employer or co-employer of Agency Talent. All employment-related matters (wages, benefits, supervision) are handled by the Agency.

Fees & Payment: Agency Talent engagements follow the same end-of-month billing schedule as individual Talent engagements: Service Statement on 1st, approval/dispute by 5th, payment by 10th, payout by 15th. graph8 charges no platform fee; payment-processing fees are deducted from the payout as described in Section 3.

Replacement: If a member of the Agency's Talent becomes unavailable, the Agency will provide a replacement. Client should contact the Agency through the platform to arrange replacements.

Agency Agreement: Agencies participating in the marketplace are bound by the Agency Participation Agreement.

6. Privacy and Data Handling

Data Use: Personal and business data are processed in accordance with the graph8 Privacy Policy.

Third-Party Providers: graph8 uses Stripe (Stripe Connect Express and Stripe Cross-Border) and Wise to onboard Talent for payouts, collect any required identity and tax information, and disburse funds. Your use of graph8 implies acceptance of the applicable provider's terms and privacy policies. Contracts themselves are generated and e-signed inside the graph8 app, and graph8 retains the signed record.

7. Legal Considerations

Disclaimers: The platform is provided "as-is." graph8 offers no warranties, express or implied, regarding Talent performance or results.

Liability Cap: graph8's total liability is limited to the graph8 fees you paid in the 90 days preceding any claim. We are not liable for indirect, consequential, or punitive damages.

Indemnity: Clients must indemnify graph8 against claims arising from their use of Talent output or breach of these terms.

Governing Law & Disputes: Florida law governs. Disputes go first to good-faith negotiation, then binding arbitration.

Updates to These Terms: graph8 may modify these terms at any time. Material changes will be posted on this page; continued use after the "Last updated" date signifies acceptance.

8. Worker Classification and graph8's Role

Independent Contractors. Individual Talent on the marketplace are independent contractors, not employees of graph8 or of you (the Client). This applies to all role types, including SDRs, AEs, GTM Engineers, CSMs, and similar roles. An engagement that involves deep integration into your workflow, access to your systems, or daily communication does not change the independent-contractor status of individual Talent. Agency Talent are employees of their respective Agency Partners; neither graph8 nor you is their employer or co-employer.

graph8 Is a Marketplace Facilitator. graph8 operates the marketplace platform, generates and stores contracts, and processes payments. graph8 does not supervise, direct, or control any Talent's work, does not represent Talent as employees of graph8, and does not assume employer obligations toward Talent. graph8 is not a staffing agency and is not a party to the service relationship between you and any Talent.

Your Obligations. You are responsible for ensuring that your engagement of Talent complies with all applicable labor, tax, and classification laws in the jurisdictions where Talent perform work on your behalf.

Tax and Reporting. graph8 does not withhold income or payroll taxes on Talent compensation. Each Talent is responsible for their own tax compliance. graph8 or the applicable payment provider may issue tax information documents (for example IRS Form 1099-NEC for eligible US-resident Talent) as required by applicable law.

9. Automated Talent-Match Scoring

How It Works. The marketplace uses automated tools to score and rank Talent profiles in response to Client searches. These tools analyze profile data (role type, stated skills, engagement history, location, and similar attributes) to produce a relevance score that influences the order in which profiles are presented. Scoring is decision-support only; Clients review profiles and make all final hiring decisions. graph8 does not make hiring or engagement decisions on behalf of Clients.

Talent Rights. Talent (including Agency Talent, through their Agency) may contact [email protected] to request information about how automated scoring applies to their profile, to correct inaccurate data, or to request human review of any output they believe has materially affected their access to engagements. Where applicable law governs automated employment-decision tools (for example New York City Local Law 144 or equivalent, or GDPR Article 22 for Talent in the EU or EEA), graph8 will comply with applicable notice, audit, and access-request requirements.

07 / Pricing

You pay for what graph8 executes. Never for seats.

Execution credits send, call, and run agents. Contact credits reveal and enrich the people you target. Three ways in.

For trying it out Pay as you go
Free to start

A free entry point to the full platform. No credit card.

  • 1,000 contact reveals to start
  • 500 execution actions free
  • Full platform access, no card
  • Then $0.05 per credit
Start Free
For data in your AI tools MCP Unlimited
$25 / user

Unlimited contact data, in the tools you already use.

  • Unlimited contact data, fair use
  • 2,500 execution credits a month
  • Priced per user, not per org
Claude ChatGPT Cursor VS Code
Start Free
Most popular
The full platform Team plan
$99 / mo

Unlimited users and data. Every app, one bill.

  • Campaigns, dialer, AI voice, and AI workflows
  • Meetings routed and booked for you
  • 10,000 execution credits a month
  • Unlimited users, no seat fees
  • 7-day free trial, no credit card
Start Free

Everything in the Team plan

$99 / mo, all included

The $99 Team plan is the full platform: everything below, for the whole org. MCP Unlimited and Pay as you go are lighter entry points with usage and seat limits.

Your GTM, executed

10,000 credits included
  • Campaigns and sending infrastructure Mailboxes, domains, and deliverability run for you, end to end.
  • 5-channel sequencer Email, phone, LinkedIn, SMS, and WhatsApp in automated sequences.
  • Dialer and AI voice agents Clone any rep voice for inbound and outbound calls with live booking.
  • AI inbox Replies triaged, drafted, and answered across every channel.
  • Meeting routing and booking Route leads to the right rep and book the meeting automatically.
  • CRM, pipeline, and quotes Deals, quotes, and AI-prioritized actions in the AE Cockpit.
  • Studio content engine Brand, newsletters, landing pages, ads, and campaign content.
  • AI agents and workflows Operator and Executor agents for RevOps, deals desk, and SDRs.

Data without limits

Included
  • MCP Unlimited for every user A $25 per user value, included for the whole org on the Team plan.
  • No monthly cap on contact data Reveals, lookups, enrichments, and exports run org-wide, every seat.
  • Buying signals Visitors, intent, hiring, and job-change signals on every account.
  • Waterfall enrichment Third-party providers, pay on match or bring your own keys.
  • Free search and browse Your whole team explores 700M+ contacts and 100M+ companies.

Org-wide by default

Always on
  • Unlimited users, no seat fees Invite everyone. Pricing never scales with headcount.
  • Every feature unlocked No tiers gating voice, enrichment, sequencer, campaigns, or desktop.
  • Built-in CDP and integrations Warehouse, 500+ connectors, two-way CRM sync included.
  • Month-to-month, no contracts Cancel anytime.
  • Fair-use rate limits Limits apply on all plans. They guard against scraping, not real GTM work.

Execution credits send, call, and run agents. Contact credits reveal and enrich the people you target.

Legal clarity

Start with the current terms, then run the system.

graph8 keeps the legal layer versioned, the action layer logged, and every revenue move tied back to the buyer graph.