Non-Disclosure & Confidentiality Agreement

Mutual Protection – What This NDA Gives You

This NDA is bilateral: it doesn’t just protect UPMOS, it protects YOU. Here’s what that looks like in practice. This summary is provided for convenience – the full agreement below is the legally binding text.

• Bilateral protection. Your confidential information (pricing, product roadmap, supplier lists, customer data) is protected with the same rigor UPMOS demands for its own.
• Industry-standard security required. UPMOS must use AES-256 encryption at rest, NIST Cybersecurity Framework controls, EDR endpoint protection, and encrypted backups.
• 24-hour breach notification. If your data is compromised or accessed without authorization, UPMOS must notify you within 24 hours of detection.
• Annual security training. Every UPMOS representative who can see your information completes annual security training – not just a checkbox at hire time.
• Mutual return / destruction at termination. When the relationship ends, your information must be returned or destroyed – and the same goes the other way.
• 12-month access logging. Access to your confidential information is logged for at least 12 months, so audits and forensic review are possible.
• Strong remedies for misuse. If your information is mishandled, you have access to injunctive relief and clear monetary remedies, not just a slap-on-the-wrist clause.

Quick Navigation

• Overview & Purpose
• Definitions
• Scope of Confidential Information
• Obligations of Receiving Party
• Exclusions from Confidentiality
• Permitted Disclosures
• Intellectual Property Rights
• Term & Termination
• Return & Destruction of Materials
• Remedies & Enforcement
• Data Security Requirements
• Governing Law & Disputes
• General Provisions
• Contact Information

Overview & Purpose

This Non-Disclosure & Confidentiality Agreement (“NDA”) is a bilateral agreement between Upmos Inc. (“Upmos”) and the seller, partner, or authorized representative (“Counterparty”) who accepts these terms. This NDA governs the exchange, handling, and protection of confidential and proprietary information between both parties in connection with the Upmos Marketplace platform.

Upmos Entity: Upmos Inc., 9896 Bissonnet St, Houston TX 77036, USA

Contact: legal@upmos.com | (855) 637-2433 (855-MERCHED)

Jurisdiction: Harris County, Texas | Governed by Texas Law

When This NDA Applies

• API Access & Integration: Sellers granted API keys, webhook access, or sandbox environments
• Partnership Tiers: Sellers in Booming Plan or higher with co-marketing or revenue-sharing arrangements
• Beta Programs: Sellers participating in beta features, early access programs, or pilot initiatives
• Business Intelligence: Sellers receiving marketplace analytics, category insights, or competitive data
• Technology Collaboration: Third-party developers building integrations or plugins for the Upmos ecosystem

Definitions

• Disclosing Party: The party sharing Confidential Information (may be either Upmos or Counterparty)
• Receiving Party: The party receiving Confidential Information from the Disclosing Party
• Confidential Information: Any non-public information, data, documents, know-how, trade secrets, business strategies, technical specifications, algorithms, customer data, pricing models, financial projections, product roadmaps, or other proprietary material disclosed by either party, whether in written, oral, electronic, visual, or any other form
• Representatives: Officers, directors, employees, agents, contractors, advisors, attorneys, accountants, and consultants of the Receiving Party who have a demonstrable operational need to access the Confidential Information for the Purpose (meaning their role directly requires such access to perform work within the scope of the Purpose, as approved by an authorized officer of the Receiving Party)
• Trade Secret: Information that derives independent economic value from not being generally known or readily ascertainable, and is subject to reasonable efforts to maintain its secrecy, as defined under the Texas Uniform Trade Secrets Act (Tex. Civ. Prac. & Rem. Code § 134A)
• Derivative Works: Any analysis, compilation, study, report, or other document that contains, is based on, reflects, or is derived from Confidential Information
• Bloom Dashboard: Upmos’s proprietary seller management and communication portal, accessible through the Upmos seller account interface, which displays seller account performance, notifications, communications, and provides access to technical support and incident reporting
• Purpose: (a) evaluation of potential business partnership; (b) execution and performance of seller participation obligations under the Marketplace Participation Agreement; (c) provision of technical support, fraud prevention, and account management services; and (d) analytics related solely to the individual Counterparty’s own account performance. The Purpose expressly excludes: development of competing products or services using Confidential Information; use of platform algorithms or system designs for commercial purposes outside the Upmos Marketplace; and creation of benchmarking reports incorporating another party’s Confidential Information

Scope of Confidential Information

Upmos Confidential Information Includes (But Is Not Limited To)

• Platform Technology: Source code, algorithms, API specifications, system architecture, database schemas, infrastructure configurations, deployment pipelines, and security protocols
• Business Data: Revenue figures, marketplace GMV (Gross Merchandise Value), conversion rates, category performance data, seller rankings, buyer demographics, and pricing strategies
• Product Roadmap: Planned features, development timelines, beta programs, strategic partnerships, and market expansion plans
• Operational Processes: Internal workflows, customer service protocols, fraud detection methods, risk scoring algorithms, and compliance procedures
• Financial Information: Fee structures under negotiation, revenue shares, investment details, cost structures, and financial projections
• Customer & Seller Data: Personal information of buyers, seller performance data, transaction histories, and account details (subject to applicable privacy laws)
• Marketing Intelligence: Campaign strategies, advertising performance data, SEO insights, and customer acquisition metrics

Seller/Counterparty Confidential Information Includes

• Product Information: Unreleased product designs, formulations, manufacturing processes, supplier relationships, and cost structures
• Business Strategy: Expansion plans, pricing strategies, inventory management systems, and sales channel strategies
• Financial Data: Sales volumes, profit margins, customer acquisition costs, and business valuations
• IP Portfolio: Patent applications, trademark filings, trade dress elements, and proprietary branding materials

Marking & Identification

• Written or electronic Confidential Information should be marked “Confidential,” “Proprietary,” or with substantially similar designation
• Oral disclosures shall be identified as confidential at the time of disclosure and confirmed in writing within five (5) business days. Confidentiality protection attaches at the moment of oral identification; failure to provide written confirmation within five business days does not eliminate protection for information clearly identified as confidential at the time of disclosure
• Information disclosed through API access, dashboards, or platform tools is automatically deemed Confidential Information regardless of marking

Obligations of Receiving Party

Standard of Care

• The Receiving Party shall protect Confidential Information using security measures no less rigorous than: (a) industry-standard enterprise-grade security practices consistent with the NIST Cybersecurity Framework; or (b) the highest degree of care used for the Receiving Party’s most sensitive internal data, whichever is more stringent. At minimum, the Receiving Party shall implement the controls specified in the Data Security Requirements section of this NDA
• Access shall be limited to Representatives who have a demonstrable operational need to access Confidential Information for the Purpose and who are bound by confidentiality obligations at least as restrictive as those in this NDA
• The Receiving Party shall be liable for any breach by its Representatives as if the breach were committed by the Receiving Party itself

Prohibited Actions

• No Reverse Engineering: The Receiving Party shall not reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code, algorithms, or structure of any software or technology disclosed as Confidential Information
• No Competitive Use: Confidential Information shall not be used to develop, enhance, or market any product or service that competes with the Disclosing Party’s offerings
• No Unauthorized Copying: The Receiving Party shall not copy, reproduce, or duplicate Confidential Information except as reasonably necessary for the Purpose
• No Public Disclosure: Neither party shall issue press releases, public statements, or marketing materials referencing the other party’s Confidential Information without prior written consent
• No Data Mining: Confidential Information shall not be aggregated, anonymized, or used for data mining, machine learning training, or statistical analysis beyond the Purpose

Security Measures

• Store Confidential Information in encrypted systems (AES-256 or equivalent) with access controls
• Implement multi-factor authentication (MFA) for systems containing Confidential Information
• Maintain audit logs of access to Confidential Information for a minimum of 12 months
• Conduct annual security training for all Representatives with access to Confidential Information
• Report any suspected or actual security breach to the Disclosing Party within 24 hours of discovery

Exclusions from Confidentiality

Confidential Information does not include information that the Receiving Party can demonstrate by competent evidence:

• Public Domain: Was or becomes publicly available through no fault or action of the Receiving Party
• Prior Knowledge: Was already in the Receiving Party’s possession, without obligation of confidentiality, prior to disclosure by the Disclosing Party
• Independent Development: Was independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information, as evidenced by contemporaneous documentation
• Third-Party Disclosure: Was received from a third party who is not, directly or indirectly, under an obligation of confidentiality to the Disclosing Party
• Written Authorization: Was approved for release by express written authorization from the Disclosing Party

The burden of proving any exclusion rests with the Receiving Party.

Permitted Disclosures

Compelled Disclosure

If the Receiving Party is compelled by law, regulation, court order, subpoena, or governmental authority to disclose Confidential Information, the Receiving Party shall:

1. Provide written notice to the Disclosing Party as early as practicable (and no later than two (2) business days before disclosure if the schedule permits) to allow the Disclosing Party to seek a protective order or other appropriate remedy. If legally prohibited from providing advance notice, the Receiving Party shall notify the Disclosing Party immediately upon expiration of any such prohibition and shall in all events notify its own legal counsel for purpose of seeking a protective order
2. Cooperate with the Disclosing Party’s efforts to obtain such protective order at the Disclosing Party’s expense
3. Disclose only the minimum amount of Confidential Information legally required
4. Use commercially reasonable efforts to ensure that confidential treatment is accorded to the disclosed information

Professional Advisors

Disclosure to the Receiving Party’s attorneys, accountants, and financial advisors is permitted provided such advisors are bound by professional ethical obligations of confidentiality or have executed confidentiality agreements consistent with this NDA.

Regulatory Compliance

Disclosure may be made to the extent required by applicable securities laws, tax reporting obligations, or regulatory filings, provided the Receiving Party uses commercially reasonable efforts to limit the scope of disclosure and to obtain confidential treatment where available.

Service Providers

The Receiving Party may disclose Confidential Information to third-party service providers (e.g., cloud infrastructure providers, payment processors, fulfillment partners, analytics vendors) who require access to perform obligations under the underlying business relationship, provided that: (a) the service provider is contractually bound by confidentiality and security obligations no less stringent than those in this NDA; (b) the Receiving Party remains fully liable for any breach by the service provider as if committed by the Receiving Party itself; and (c) the Receiving Party shall identify such service providers to the Disclosing Party upon written request.

Intellectual Property Rights

• This NDA does not grant any license, ownership, or rights in or to any Confidential Information, intellectual property, patents, copyrights, trademarks, or trade secrets of the Disclosing Party
• All Confidential Information remains the exclusive property of the Disclosing Party
• Any Derivative Works created by the Receiving Party that substantially reproduce, compile, or directly incorporate material portions of the Disclosing Party’s Confidential Information shall be owned by the Disclosing Party. Derivative Works that combine Confidential Information with the Receiving Party’s pre-existing proprietary knowledge or processes shall be jointly owned, with each party granted a non-exclusive license for operational use. Work product incorporating only general insights or ideas (not specific methodologies, algorithms, or proprietary data) shall be owned by the creating party
• Neither party shall file any patent applications or seek any intellectual property protections that incorporate the other party’s Confidential Information without prior written consent
• Nothing in this NDA prevents either party from developing products or services that are similar to or competitive with those of the other party, provided no Confidential Information is used

Term & Termination

Agreement Duration

• Initial Term: This NDA is effective from the date of acceptance and continues for so long as the Counterparty maintains an active seller account on the Upmos Marketplace, plus thirty (30) days following the final resolution of any pending transactions, payouts, or disputes at the time of account closure or termination
• Survival Period: The confidentiality obligations under this NDA shall survive termination for a period of five (5) years from the date of last disclosure of Confidential Information
• Trade Secrets: Notwithstanding the above, obligations regarding information that constitutes a trade secret shall continue for as long as such information qualifies as a trade secret under applicable law (including the Texas Uniform Trade Secrets Act and the federal Defend Trade Secrets Act of 2016)

Termination

• Either party may terminate this NDA with thirty (30) days’ written notice to the other party
• Termination does not release either party from obligations regarding Confidential Information disclosed prior to termination
• Upon termination of the seller’s Upmos account (whether voluntary or involuntary), this NDA’s obligations with respect to previously disclosed information remain in full force during the survival period

Return & Destruction of Materials

Upon written request by the Disclosing Party, or upon termination of this NDA, the Receiving Party shall within thirty (30) days:

1. Return all tangible materials containing Confidential Information (documents, prototypes, samples, storage media)
2. Permanently delete all electronic copies of Confidential Information from all systems, including backup and archival systems, cloud storage, and local devices
3. Destroy all Derivative Works and notes, analyses, compilations, or other documents that contain or reflect Confidential Information
4. Certify in writing (signed by an authorized officer) that all Confidential Information has been returned or destroyed, and that no copies have been retained

Exceptions to Return/Destruction

• The Receiving Party may retain one (1) archival copy solely for legal compliance or regulatory audit purposes, stored in a secure, access-controlled environment
• Automated backup systems may retain copies of Confidential Information, provided: (a) such copies are subject to the same access controls and encryption as live systems; (b) backups are not accessed for any purpose except disaster recovery or legal compliance; and (c) backups are purged pursuant to the Receiving Party’s standard retention policy (not to exceed the applicable survival period under this NDA), with written certification of purge provided to the Disclosing Party within 60 days of this NDA’s termination
• Professional advisors may retain copies as required by applicable professional standards or regulatory requirements

Remedies & Enforcement

Injunctive Relief

Both parties acknowledge that a breach of this NDA may cause irreparable harm that cannot be adequately compensated by monetary damages. Accordingly, the Disclosing Party shall be entitled to seek injunctive relief (including temporary restraining orders, preliminary injunctions, and permanent injunctions) without the requirement of posting a bond. The parties expressly acknowledge and agree that: (i) disclosure of Confidential Information constitutes irreparable harm not fully compensable by monetary damages; (ii) this acknowledgment satisfies the irreparable harm element required for injunctive relief under Texas law; and (iii) the Disclosing Party need not prove actual monetary loss as a precondition to obtaining injunctive relief. Such injunctive relief is in addition to any other remedies available at law or equity.

Monetary Damages

• The breaching party shall be liable for all direct damages resulting from the breach, including lost profits, reputational harm, and costs of remediation
• The breaching party shall reimburse the non-breaching party for all reasonable attorneys’ fees, court costs, and expenses incurred in enforcing this NDA
• In the event of a willful or intentional breach, the breaching party may be liable for consequential, incidental, and punitive damages to the fullest extent permitted by applicable law

Marketplace Consequences

• Account Suspension: Breach of this NDA by a seller constitutes a material violation of the Marketplace Participation Agreement and may result in immediate account suspension or termination
• Financial Holds: Upmos may place holds on pending payouts during investigation of an NDA breach
• API Access Revocation: API keys, webhook access, and integration credentials will be immediately revoked upon confirmed breach
• Industry Notification: Upmos reserves the right to report confirmed trade secret theft to relevant law enforcement authorities

Data Security Requirements

Minimum Security Standards

Breach Notification

• 24-Hour Notification: The Receiving Party must notify the Disclosing Party within 24 hours of (a) discovering, or (b) becoming aware through reasonable security monitoring of, any actual or suspected breach, unauthorized access, or unauthorized disclosure involving Confidential Information. The notification clock begins at the earlier of actual discovery or the time the breach would have been detected through reasonable monitoring practices (including active review of security logs, access controls, and intrusion detection systems)
• Written Report: A detailed written report must follow within 72 hours, including: scope of breach, data affected, root cause analysis, and remediation steps taken
• Cooperation: The breaching party shall cooperate fully with any investigation and provide access to relevant systems and personnel
• Regulatory Reporting: If the breach involves personal data, the parties shall coordinate on any required notifications under GDPR, CCPA, or other applicable privacy laws

Governing Law & Disputes

Choice of Law

This NDA shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflicts of law principles. The federal Defend Trade Secrets Act of 2016 (18 U.S.C. § 1836) shall also apply to the extent relevant.

Dispute Resolution

1. Negotiation (30 Days): The parties shall first attempt to resolve disputes through good-faith negotiation between authorized representatives
2. Mediation (60 Days): If negotiation fails, the parties shall submit the dispute to mediation administered by the American Arbitration Association (AAA) in Houston, Texas
3. Arbitration or Litigation: If mediation fails, either party may pursue binding arbitration under AAA Commercial Rules or file suit in the state or federal courts located in Harris County, Texas

Jurisdiction & Venue

Each party irrevocably submits to the exclusive jurisdiction and venue of the state and federal courts located in Harris County, Texas for any action arising out of or relating to this NDA. Each party waives any objection to such jurisdiction or venue, including forum non conveniens.

JURY TRIAL WAIVER

EACH PARTY IRREVOCABLY WAIVES ANY AND ALL RIGHTS TO TRIAL BY JURY IN ANY LEGAL PROCEEDING ARISING OUT OF OR RELATING TO THIS NDA, EXCEPT THAT EITHER PARTY MAY ELECT TRIAL BY JURY FOR CLAIMS UNDER $25,000 USD. BY ACCEPTING THIS NDA, EACH PARTY ACKNOWLEDGES THAT IT HAS HAD THE OPPORTUNITY TO CONSULT LEGAL COUNSEL REGARDING THIS JURY TRIAL WAIVER AND VOLUNTARILY ACCEPTS THIS PROVISION.

General Provisions

Relationship to Master Agreement

This Non-Disclosure & Confidentiality Agreement (“NDA”) is supplemental to and incorporated by reference into the Marketplace Participation Agreement (“MPA”) between Seller and Upmos Inc.. In the event of any direct conflict between a specific confidentiality provision of this NDA and a specific provision of the MPA addressing the same subject matter, the more restrictive provision shall apply. This NDA may not be waived, diminished, or modified by amendments to the MPA; any amendment to the MPA that would materially affect confidentiality obligations requires separate written consent of both parties. Capitalized terms not defined herein shall have the meanings assigned to them in the MPA.

Indemnification

Seller shall indemnify, defend, and hold harmless Upmos Inc., its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to:

• Seller’s breach of any term or obligation under this agreement;
• Seller’s violation of any applicable law, regulation, or third-party right;
• Any unauthorized disclosure, use, or mishandling of Confidential Information by Seller or its Representatives;
• Any breach of data security requirements or failure to comply with breach notification obligations set forth herein.

Upmos shall provide written notice within ten (10) business days of any claim for which indemnification is sought and shall cooperate with Seller in the defense of such claim. Seller shall not settle any claim without Upmos’s prior written consent if the settlement imposes any obligation on Upmos or does not include a full release of claims against Upmos.

Reciprocal Indemnification: Upmos shall indemnify, defend, and hold harmless Seller, its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to: (a) Upmos’s breach of any term or obligation under this agreement; (b) Upmos’s violation of any applicable law, regulation, or third-party right; or (c) any unauthorized disclosure, use, or mishandling of Confidential Information by Upmos or its Representatives. Seller shall provide written notice within ten (10) business days of any claim for which indemnification is sought. Upmos shall not settle any claim without Seller’s prior written consent if the settlement imposes any obligation on Seller or does not include a full release of claims against Seller.

Limitation of Liability

EXCEPT FOR BREACHES OF CONFIDENTIALITY OBLIGATIONS, INDEMNIFICATION OBLIGATIONS, OR WILLFUL MISCONDUCT, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES, ARISING OUT OF OR RELATED TO THIS NDA, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE) AND EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

For claims not otherwise excluded below, the aggregate liability of either party under this NDA shall not exceed the greater of: (a) $500,000 USD; or (b) the total fees paid or payable by Seller to Upmos during the twelve (12) month period preceding the event giving rise to the claim. This cap shall not apply to: (i) breaches of confidentiality obligations (which are uncapped given the nature of this agreement); (ii) indemnification obligations; (iii) liability arising from gross negligence or willful misconduct; or (iv) infringement of intellectual property rights. For the avoidance of doubt, because this is a confidentiality agreement, the majority of claims arising hereunder will fall under the excluded categories (i) through (iv) above, meaning the cap primarily governs process and administrative disputes.

Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations under this agreement (other than payment obligations) where such failure or delay results from circumstances beyond the reasonable control of the affected party, including but not limited to: acts of God, natural disasters, pandemic, epidemic, war, terrorism, riots, embargoes, government orders or actions, power failures, internet or telecommunications service provider outages, or labor disputes. Cyberattacks, ransomware, and data breaches are not force majeure events, as such incidents are foreseeable and subject to mitigation through reasonable cybersecurity practices. The affected party shall:

• Provide prompt written notice to the other party describing the force majeure event;
• Use commercially reasonable efforts to mitigate the impact and resume performance;
• Resume performance promptly upon cessation of the force majeure event.

If a force majeure event continues for more than ninety (90) consecutive days, either party may terminate this agreement upon thirty (30) days’ written notice without liability.

Entire Agreement

This NDA, together with the Marketplace Participation Agreement and any exhibits or amendments, constitutes the entire agreement between the parties with respect to confidentiality. This NDA supersedes all prior or contemporaneous oral or written communications regarding confidentiality between the parties.

Amendment

This NDA may only be amended by a written instrument signed by authorized representatives of both parties. Written notice of proposed amendments shall be provided to the other party at least thirty (30) days in advance of any requested effective date.

Severability

If any provision of this NDA is held invalid or unenforceable, the remaining provisions shall continue in full force and effect, and the invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

Assignment

Neither party may assign this NDA without the prior written consent of the other party, except in connection with a merger, acquisition, or sale of substantially all assets, provided the assignee assumes all obligations under this NDA.

Waiver

No failure or delay by either party in exercising any right under this NDA shall constitute a waiver of that right. A waiver of any breach shall not constitute a waiver of any subsequent breach.

Notices

All notices under this NDA shall be in writing and delivered by email (with confirmation of receipt), certified mail, or recognized overnight courier to the addresses specified in the Marketplace Participation Agreement.

Independent Contractor

Nothing in this NDA creates a partnership, joint venture, agency, or employment relationship between the parties. Each party is an independent contractor.

Residuals of Knowledge

Notwithstanding any other provision of this NDA, nothing herein prevents a Representative of the Receiving Party from using general ideas, concepts, know-how, and professional skills retained in unaided human memory as a natural result of exposure to Confidential Information during performance under this NDA, provided that: (a) such use does not involve the deliberate memorization or extraction of specific Confidential Information; (b) such use does not reproduce, disclose, or directly derive from trade secrets or specific proprietary data of the Disclosing Party; and (c) such use does not result in work product that directly competes with the Disclosing Party’s products or services using identifiable Confidential Information. This exception does not apply to trade secrets, which remain protected for as long as they qualify as trade secrets under applicable law.

No Obligation to Transact

This NDA does not obligate either party to enter into any business transaction, share any particular Confidential Information, or continue any business relationship. Either party may decline to share information or terminate discussions at any time.

Non-Solicitation

During the term of this NDA and for a period of twelve (12) months following its termination or expiration, neither party shall, directly or indirectly, solicit, recruit, or attempt to hire any employee, contractor, or consultant of the other party who was involved in the performance or administration of obligations under this NDA or any related agreement, without the prior written consent of the other party.

This restriction shall not apply to: (a) general employment advertisements or postings not specifically targeted at the other party’s personnel; (b) individuals who independently contact the hiring party without solicitation; or (c) individuals whose employment with the other party has been terminated for at least six (6) months prior to any solicitation.

The parties acknowledge that breach of this non-solicitation provision would cause irreparable harm not readily compensable by monetary damages. Accordingly, the non-breaching party shall be entitled to seek immediate injunctive relief without bond or proof of actual damages, in addition to recovery of actual damages including reasonable recruiting and replacement costs incurred as a direct result of the breach.

Counterparts & Electronic Execution

This NDA may be executed in counterparts and accepted electronically via the Upmos Marketplace platform, DocuSign, or other electronic signature methods compliant with the ESIGN Act and Texas Uniform Electronic Transactions Act.

Synopsis — Key NDA Commitments

• ✅ Bilateral Protection: Both Upmos and seller confidential information are equally protected
• ✅ 5-Year Survival: Confidentiality obligations last 5 years after last disclosure; trade secrets protected indefinitely
• ✅ Need-to-Know Basis: Access limited to Representatives with legitimate business need
• ✅ AES-256 Encryption: Minimum encryption standard for storing Confidential Information
• ✅ 24-Hour Breach Notice: Immediate notification required upon discovery of any breach
• ✅ Return/Destroy Within 30 Days: All materials returned or destroyed upon request or termination
• ✅ No Competitive Use: Confidential Information cannot be used for competing products or services
• ✅ Texas Law Governs: Harris County, Texas exclusive jurisdiction