Platform customer agreement for gro.now platform (b2b)

1. General Provisions

1.1. This User Agreement (hereinafter – the "Agreement" or "UA") regulates the procedure for providing access to the gro.now Platform and its use under the Software as a Service (SaaS) model. The Platform includes functional modules (hereinafter – "Modules"), including a reputation module, a survey module, and a referral and partnership program module, allowing the Client to independently launch and administer Surveys and other Activities using analytical and AI tools.

1.2. Provider – "Pwron" LLP, BIN 241040012133, address: Republic of Kazakhstan, Almaty, Bostandyk district, Satpayev St., 90/54, apt. 5, index 050000; e-mail: t@gro.now; website: https://gro.now/.

Client – a legal entity or an individual entrepreneur who has acceded to the Agreement in accordance with Section 4 and acts through its authorized representatives – users.

1.3. Territory and International Character. gro.now services are available to Clients from the Republic of Kazakhstan and other states; however, the laws of the Republic of Kazakhstan shall apply to the Agreement (see Section 21). Restrictions regarding sanctions and export control may apply (see Section 22).

1.4. Publicity and Form. The Agreement is posted on the Internet at: https://gro.now/legal. Accession by the Client is carried out without the signing of a single hard-copy document by the parties and does not require seals, unless otherwise expressly agreed in writing.

1.5. Linked Documents. The following documents, posted on the Site and available at the following addresses (current version), are an integral part of the Agreement:

• Tariff Description: https://www.gro.now/ru#pricing;
• Pricing, Limits, and Settlement Rules: https://www.gro.now/legal/pricing-rules;
• Service Level Agreement (SLA): https://gro.now/legal/sla;
• Acceptable Use Policy (AUP): https://gro.now/legal/acceptable-use-policy;
• Survey and Activity Rules: https://www.gro.now/ru/legal/activity-rules;
• General Privacy Policy: https://gro.now/legal/general-privacy-policy;
• Data Processing Agreement (DPA): https://gro.now/legal/dpa;
• Cookie Policy: https://gro.now/legal/cookie-policy.

The order of priority for these documents is established in Section 28.

1.6. Language Versions. The Agreement may be published in Russian, Kazakh, and English. In the event of discrepancies, the Russian version shall prevail.

1.7. Provider Contacts. For claim-related and contractual correspondence, use the addresses specified in clause 1.2. The Provider is entitled to update contact details by publishing updates on the site.

1.8. Client Account. Access to the Platform is provided through Client user accounts managed by the Client Account Owner (see Section 5).

2. Terms and Definitions

Unless the context otherwise requires, the following terms have the following meanings:

2.1. Platform – the gro.now software and hardware complex, including web interfaces, mobile applications (app), backend services, AI-based analytics modules, data connectors, SDKs, and (where available) APIs, as well as related documentation.

2.2. Services – the Provider’s services for providing access to the Platform under the SaaS model, ensuring its operability and infrastructure support within SLA limits, as well as configuration work to set up Platform functionality (including Modules), if such work is provided for by the Tariff or agreed upon separately.

2.3. SaaS (Software as a Service) – a cloud model of software delivery where the Provider develops cloud software, ensures its maintenance, automatic updates, and availability, and provides such software to customers via the Internet for a fee proportional to the volume of use. The Provider manages all hardware, standard software, including middleware, software applications, and security.

2.4. Client, Client User – respectively: the organization/IE that has acceded to the Agreement; employees, contractors, and other authorized persons acting on behalf of the Client and using the Platform on the basis of rights granted by the Client.

2.5. Account – a collection of records and settings ensuring Client Users' access to the Platform, including identifiers, roles, tokens, and authentication methods (including SSO).

2.6. Client Account Owner – a Client user with "company owner" status, authorized to make key management decisions regarding the Client Account, including the selection and changing of the Tariff, access to billing, and other actions directly provided for by the User Agreement, Platform interface, or special terms.

2.7. Client Administrator – a Client user endowed with rights to manage access and Client settings in the Platform (creating/deleting users, assigning roles, configuring integrations, etc.) to the extent determined by the Client Account Owner and/or the Platform interface. The Client Administrator is not the Client Account Owner unless otherwise directly implied by the Platform settings.

2.8. Modules – pre-configured software components within the Platform functionality that allow for the automated collection, conduct of Activities, and analysis of information. The Provider ensures their operability and, if necessary, performs configuration/activation to the extent provided for by this Agreement and the Tariff.

2.9. Activities (Activity) – a set of marketing, research, and/or engagement measures carried out by the Client using the Platform functionality for interaction with respondents and/or data collection and analysis. Activities include, in particular, Surveys, tests and quizzes, game and gamified scenarios, contests and giveaways, referral and partner programs, and other campaigns.

2.10. Survey (Surveys) – an Activity in the form of an online questionnaire and/or interview conducted in an automated mode using the Platform, during which respondents answer the Client’s questions according to a pre-defined scenario (including NPS, CSI, eNPS, and other satisfaction/engagement metrics).

2.11. Respondent – an individual participating in an Activity (Survey, test, contest, referral or other program) initiated by the Client and/or its partners through the Platform. Legal relations between the Provider and Respondents are regulated by separate gro.now documents (user agreement for respondents, respondent data processing policy, terms of a specific Activity, etc.).

2.12. Client Data – any data, materials, and other information (including personal data) uploaded, provided, or otherwise transmitted by the Client to the Platform, as well as data received from sources/integrations connected by the Client (e.g., Google SSO, Calendly, etc.).

2.13. Results – any reports, visualizations, indicators, and other output materials generated automatically by the Platform based on Client Data and/or data from open sources during the use of Platform functionality (including analytical indicators for Surveys and other Activities), excluding materials owned by the Provider under Section 15.

2.14. Pricing Rules – the Pricing, Limits, and Settlement Rules for gro.now (b2b), posted at https://www.gro.now/legal/pricing-rules, regulating pricing, limits, settlements, payments, bonuses, Add-ons, Excess Usage, and other special modes.

2.15. Subscription – the right provided to the Client on a paid or other expressly stated basis to access the Platform for a specific period under the terms of the applicable Tariff, including established limits, functionality, and the current SLA. Detailed rules for Subscription formation, settlement periods, auto-renewal, and Subscription changes are determined by the Pricing Rules.

2.16. Tariff (Plan) – the commercial model of access to the Platform, determining the scope of available functionality, limits, settlement period, payment rules, and other applicable terms of use, published on the Tariff Page (https://www.gro.now/ru#pricing) and/or defined in an Individual Document.

2.17. Free Tariff – a tariff provided without charge, if the Provider directly allows such an access mode to the Platform, its individual functions, or a limited set of limits, without a pre-set mandatory term of validity, unless otherwise directly stated by the Provider.

2.18. Demo Access – free access provided by the Provider for a limited term with an expanded, trial, special, or individually determined set of functions, limits, and options for evaluating the Platform, testing usage scenarios, and making a purchase decision.

2.19. Archive Mode (Archive) – a mode of limited access to the Client Account after the expiration of a Demo tariff, termination of a paid Subscription, prolonged inactivity, or in other cases provided for by the User Agreement, where part of the Platform functions may be unavailable and active use of the Platform is restricted.

2.20. Invoice – a Provider settlement document (invoice, payment form, order, or other settlement document) determining the amount, currency, payment term, composition of charges, and other payment parameters. The procedure for issuing and paying Invoices is determined by the Pricing Rules.

2.21. Addendum / Order – a document agreed upon by the Parties specifically providing for special obligations of the Provider to perform tasks outside the Services (e.g., development/configuration of an additional Module), including the scope, timing, and cost of such services.

2.22. Individual Document – an invoice, order, contract, commercial proposal, or other document in which commercial terms are clarified or individualized for a specific Client in the manner determined by the Pricing Rules.

2.23. Site – the public pages https://gro.now/ and https://app.gro.now/.

2.24. Personal Data (PD) – information relating to an identified or identifiable individual, processed during the provision of Services and/or the conduct of Activities, including within Client Data or respondent data.

2.25. DPA (Data Processing Addendum) – the instruction for the processing of personal data, posted at https://www.gro.now/legal/dpa, regulating the roles of the Parties (Client – operator/controller, Provider – processor, where applicable), security measures, and the procedure for interaction.

2.26. SLA (Service Level Agreement) – the service level agreement, posted at https://www.gro.now/legal/sla, establishing target availability/response metrics and service credits.

2.27. AUP (Acceptable Use Policy) – the acceptable use policy, posted at https://www.gro.now/legal/acceptable-use-policy, defining prohibitions and restrictions when using the Platform.

2.28. Third-Party Services (Integrations) – external services and providers not controlled by the Provider (e.g., authentication/SSO providers, scheduling tools, payment organizations), interaction with which may be carried out at the Client’s choice.

2.29. Sub-processors – persons engaged by the Provider for data processing and/or the provision of part of the Services https://www.gro.now/legal/dpa.

2.30. Security Incident – a confirmed breach of information security resulting in unauthorized access, loss, modification, disclosure, or destruction of Client Data or personal data.

2.31. Trial Functions – any beta, preview, trial, demo, pilot, early access, or other functions, modules, tools, integrations, or access modes provided for testing, evaluation, limited use, or preliminary familiarization prior to their final commercial or product stabilization. The provision mode, restrictions, and termination of Trial Functions, as well as the terms of Demo Access and the Free Tariff, are determined by the Pricing Rules.

2.32. API – the Platform's application programming interface (if provided), allowing the Client to integrate external systems and automate functionality calls, available under separate API terms (if applicable).

2.33. Business Day – a calendar day, excluding weekends and official public holidays under the laws of the Provider's place of registration, unless otherwise specified in the SLA/Support Policy.

2.34. Remuneration/Fee – the amount payable by the Client for the Subscription and/or other services under the Agreement, including taxes and fees, if applicable.

2.35. Taxes – VAT and other indirect/direct taxes, fees, and withholdings applicable to payments made by the Client to the Provider.

2.36. Notification/Notice – a message sent in accordance with Section 24 (including e-mail, notifications in the Platform interface/personal account, and publications on the Site, when permitted by the Agreement).

2.37. Add-on – an additional paid or conditionally paid option, function, module, quota, limit package, access expansion, or other element provided over the base composition of the respective Tariff. Add-on terms are determined by the Pricing Rules.

2.38. Excess Usage – use of the Platform, an individual function, or a Platform resource over the limits included in the Tariff, if the possibility of such use is directly permitted by the Provider. Excess Usage terms are determined by the Pricing Rules.

2.39. Marketing Bonus (Bonus) – a benefit provided to the Client free of charge, not included in the mandatory composition of the Tariff, unless otherwise directly stated in special terms. The composition, volume, timing, and rules for providing Bonuses are determined by the Pricing Rules.

2.40. Settlement Period – the period for which the cost of the Subscription, Add-ons, Excess Usage, and other charges is determined, as specified by the Tariff, Invoice, Order, or other applicable document.

2.41. Location – a separate identifiable object (of the Client or a third party), accounted for in the Platform for monitoring, collection, display, comparison, or data analysis. Location accounting rules are determined by the Pricing Rules.

2.42. Tariff Page or Tariff Description – the current page of the gro.now website (https://www.gro.now/ru#pricing), where the current commercial and product parameters of the Tariffs are published, forming part of the contractual documentation in the manner determined by the Pricing Rules.

3. Subject and Composition of Services

3.1. Provision of Access to the Platform (SaaS). The Provider grants the Client access to the gro.now Platform in the volume of the respective Tariff, access mode, or other applicable terms, including paid, free, demo, and other special modes provided for by this Agreement and the Pricing Rules.

3.2. Platform Functionality. The Platform consists of interconnected modules, the availability and scope of functions of which are determined by the selected Tariff and current limits (see https://www.gro.now/ru#pricing). Functionality may include, among other things:

3.2.1. Reputation Module. Consolidation and analysis of user reviews/ratings and other customer experience signals from supported sources to conduct reputation research and monitor service quality, providing aggregated Results, such as:

• a) consolidated monthly and regional performance reports;

• b) AI-analysis of strengths/weaknesses, dynamics of service quality indicators (incl. NPS);

• c) trend tracking and notifications of significant deviations according to set rules;

• d) a comparative overview of market players based on available metrics and comparative dashboards for selected competitors/categories;

• e) identification of best practices and lagging areas, benchmarks for planning and controlling changes.

  3.2.2. Survey Module. Tools for the Client to independently conduct Surveys and other Activities, such as:

• a) a questionnaire builder with customizable question types, multi-language support;

• b) support for CSI, NPS, eNPS, and other metrics of satisfaction/engagement;

• c) game formats (including swipes/stories/quizzes) and "voice-to-text" option;

• d) collection, processing, and visualization of Results in the Platform interface.

  3.2.3. Referral Program Module. Tools for consumer engagement, launching referral and partner activities, such as:

• a) automatic identification of promoters based on Survey answers/metrics;

• b) invitations to the referral program, generation of personalized promo codes, and sharing tools;

• c) accounting of referrals/activities and basic analytics in a single dashboard.

  3.2.4. General Tools. Integrations with supported data sources, export of Results, administration of users and roles, notification management, and, where available – access to API/SDK.

Notes: (i) the list of sources, metrics, and formats may change without reducing the base volume under the Tariff; (ii) individual functions may be provided under Trial Function status "as is" (see cl. 3.11).

3.3. What is NOT included in the Services. Under no circumstances shall the following be considered Services under this Agreement (nor shall they be provided by the Provider within its framework): 3.3.1. professional, scientific, and technical services, including engineering services; 3.3.2. services in the field of advertising and market research (market research in the sense of services provided by the Provider as a contractor); 3.3.3. information services provided as a standalone type of service (preparation of reports/summaries by the Provider's efforts, editorial/analytical processing of data, etc.).

3.4. Additional Services. Under a separate Addendum/Order, additional work/services not included in the composition of the Services may be performed, including: 3.4.1. development/customization of Modules for Client tasks; 3.4.2. further development of Platform functionality for specific requirements (feature customizations); 3.4.3. setup and/or expanded configuration of the API; 3.4.4. integration of the Platform with Client systems and deployment of the Platform into the Client's infrastructure.

The scope, timing, cost, and acceptance terms for such additional services are determined only in the respective Addendum/Order.

3.5. Client Responsibility when using the Services. 3.5.1. The Client independently plans and conducts Activities (including Surveys), forms goals and hypotheses, designs interaction scenarios with respondents, determines target audiences and data sources, ensures the legality of their receipt and processing, as well as the presence of all necessary consents/notifications from data subjects (where applicable). 3.5.2. The Client is responsible for ensuring the content of Activities (including Surveys), scripts, questionnaires, triggers, and collected data complies with the requirements of applicable law, the AUP, and the DPA. 3.5.3. The Provider does not control and is not obligated to control the content of Activities (including Surveys) and is not responsible for the correctness of the Client's methodology, interpretations, and conclusions.

3.6. Restrictions and Acceptable Use. Use of the Platform, including Modules and the conduct of Activities, is subject to the AUP. The Provider is entitled to suspend or restrict access in the event of a breach of the AUP, security requirements, or law (Section 20).

3.7. Tariffs, Limits, and Quotas. The specific scope of functionality, types, and sizes of limits (incl. by number of Users, Locations, Surveys, Activities, storage/request volume, and other parameters), the limit calculation procedure, unit accounting rules, actions upon reaching limits, and Excess Usage terms are determined by the Pricing Rules and the Tariff Page (https://www.gro.now/ru#pricing). Exceeding limits is permitted only in the manner provided for by the Pricing Rules.

3.8. Support and SLA. The support procedure, incident categories, target reaction/recovery times, and service credits are defined by the SLA (https://gro.now/legal/sla). Service credits are the sole remedy for SLA breaches, unless otherwise directly agreed.

3.9. Third-Party Services and Integrations. The Platform may interact with external services (e.g., Google SSO, meeting schedulers, payment providers, etc.). Such services are not controlled by the Provider and are provided under the terms of the respective third parties. The Provider is not responsible for their availability, changes, or the results of their use. By connecting integrations, the Client confirms it possesses the rights to transmit data to such services and for their processing.

3.10. Data from Open Sources. When using Modules for automated collection and analysis of information from open sources, the Client guarantees compliance with the rules of the respective platforms, copyrights, and related rights, as well as robots.txt/terms-of-use restrictions, and confirms that the processing purposes are lawful.

3.11. Service Evolution and Trial Functions. The Provider is entitled to develop, change, and improve the Platform (incl. replacing or removing non-essential functions) without degrading the base core of the paid Tariff. Detailed rules for Platform development, permissibility of functional changes, provision and termination of Trial Functions, Demo Access, and the Free Tariff, as well as terms of dependence on external services and integrations, are determined by the Pricing Rules.

3.12. Results and Export. The Platform generates Results in accordance with the selected Tariff and current limits. The Client is entitled to export Results within the Platform's functionality. Additional formats/custom exports are provided only where available or by separate agreement.

3.13. Geography and Compliance Restrictions. The provision of access may be restricted for specific jurisdictions and categories of Users for reasons of sanctions or export control. The Provider is entitled to refuse or suspend access if the service violates applicable regimes (Section 22).

3.14. Document Priority. In terms of the scope of provided functions, limits, and metrics, the Tariff Description, SLA, AUP, and other documents specified in cl. 1.5 shall apply. In the event of a contradiction, the order of priority established by Section 28 shall apply.

3.15. Specific Regulation of Activities. The conduct of Activities involving Respondents is carried out by the Client as the organizer of such Activities. The technical provision of Activities, processing of Respondent data, and interaction with them by the Provider are regulated by separate gro.now documents (including the user agreement for respondents, the Respondent Data Processing Policy, and the Survey and Activity Rules). In the event of a conflict between this Agreement and such documents regarding the rights and obligations of Respondents, the documents for Respondents shall prevail.

4. Procedure for Conclusion (Acceptance) of the Agreement

4.1. Offer. The text of the Agreement posted on the Site is a public offer by the Provider to grant access to the Platform under the terms specified in the Agreement and linked documents (cl. 1.5).

4.2. Methods of Accession (Acceptance). Acceptance of the Agreement is carried out by any of the following methods (each of which is an independent and sufficient basis for concluding the Agreement):

4.2.1. Registration on the Platform. Clicking the "Register," "Create Account" button or a functionally similar interface element, performed after familiarization with the text of the Agreement and linked documents (cl. 1.5), signifies full and unconditional accession by the Client to the Agreement in the version in effect at the time of such action. If registration requires checking a box to accept the Agreement, its selection is a mandatory condition for completing registration.

4.2.2. Activation of Access Provided by the Provider. If the Provider creates or pre-configures a Client Account (incl. for Demo Access) and sends the Client login data, the first login by the Client into the Platform or the performance of another conclusive action (confirming an invitation, completing Account setup, starting use of functionality) signifies accession to the Agreement in its current version.

4.2.3. Signing a separate contract/order between the Provider and the Client containing a link to this Agreement or directly providing for the application of this Agreement.

4.2.4. Payment of an Invoice for a Subscription issued by the Provider. Payment of such an invoice signifies unconditional accession by the Client to the Agreement in the version in effect at the time of payment (unless the invoice/order specifies a different version).

4.3. Moment of Conclusion and Effective Date. 4.3.1. Upon registration on the Platform – from the moment registration is completed (clicking the button and/or selecting the checkbox to accept the Agreement). 4.3.2. Upon activation of pre-configured access – from the moment of the Client’s first login to the Platform or the performance of a conclusive action specified in cl. 4.2.2. 4.3.3. Upon signing a separate contract/order – from the date of signing by the last Party (or another date directly specified therein). 4.3.4. Upon payment of an invoice – from the moment the payment is received by the Provider (or from the start date of the Subscription specified in the invoice/order, if such date is later).

4.4. Relationship between the Agreement and Separate Contractual Documents. If, after concluding this Agreement, the parties sign a contract, order, addendum, commercial proposal, or other Individual Document, or if the Client pays an invoice for a paid tariff, such document or payment does not cancel the previously concluded Agreement, but rather defines or modifies the commercial terms applicable to the Account, including the Tariff, limits, Subscription term, price, payment procedure, support, and other special terms, from the date specified in the respective document, invoice, or Provider notification.

4.5. Registration Prior to Signing a Contract. If the Client registered an Account, received a Free Tariff, Demo Access, or another access mode prior to signing a separate contract/order, the relations between the parties until the effective date of such document shall be regulated by this Agreement, the Pricing Rules, and other applicable Provider documents in the version in effect at the respective time.

4.6. Signing a Contract Prior to Registration. If the parties first sign a separate contract, order, or other document, and the Account is created later, this Agreement shall apply to the use of the Platform from the date defined by such document, and in the absence of a specific indication - from the date the Account is created or access to it is provided, whichever occurs earlier.

4.7. Online Version and Archive. The current version of the Agreement is published on the Site. The Provider maintains an archive of previous revisions. If acceptance or application of the Agreement is confirmed by an invoice, order, contract, Platform logs, or other evidence, the revision of the Agreement in effect at the moment of the respective acceptance shall be considered applicable, unless otherwise directly recorded by the parties.

4.8. Authorities and Actions of Representatives. The Client guarantees that the person who signed the order/contract, or initiated invoice payment/Account creation/appointment of the Client Account Owner or Administrator, acts with proper authority. Actions by the Client Account Owner (selection of Tariff, payment, user management, billing access, etc.) and the Client Administrator (integration setup, inviting users, consenting to updated limits, etc.) are considered actions of the Client.

4.9. Electronic Forms and Signing. The parties recognize the legal force of electronic documents, electronic signatures (incl. simple ones), and scan copies/PDFs, as well as acceptance through conclusive actions (invoice payment), on par with hard-copy counterparts, unless otherwise directly prohibited by applicable law.

4.10. Acceptance Confirmation and Logging. The Provider is entitled to maintain logs (log records) of facts of registration, selection of checkboxes to accept the Agreement, first login to a pre-configured Account, payment, creation/modification of the Account, and appointment of the Client Account Owner or Administrator.

4.11. Linked Documents and Amendments. The Agreement is applied in conjunction with the SLA, AUP, Tariff Description, etc. (cl. 1.5). The procedure for amending the Agreement is in Section 27; document priority is in Section 28.

5. Account and Access

5.1. Provision of Access to the Platform. 5.1.1. General Rule. Access to the Platform is considered provided from the moment the Client has gained the actual ability to log into the Platform and use the functionality available under the applicable Tariff. 5.1.2. Access via Self-Registration. If the Client independently creates an Account through the Platform interface (cl. 4.2.1), access is considered provided from the moment registration is completed. Functional scope and limits are determined by the Tariff applicable to the Client by default (Free Tariff, if available, or another mode determined by the Provider). 5.1.3. Access via Provider Activation (including Demo Access). If the Provider creates or pre-configures a Client Account and sends login data, access is considered provided from the moment such data is sent (via e-mail, the Platform interface, or another electronic method), unless within 2 business days the Client sends the Provider motivated objections regarding the inability to gain access for reasons dependent on the Provider. 5.1.4. Activation of Paid Tariff After Payment. Upon receipt of payment for a Subscription, Add-on, limit expansion, or other paid option, the Provider shall activate the paid access mode (increase limits, open functionality, change Account status) no later than 2 business days from confirmation of full payment. The Provider sends the Client Account Owner a notification of paid access activation via e-mail and/or through the Platform interface. If within 2 business days of receiving such notice the Client does not send the Provider motivated objections regarding the inability to use the paid functionality for reasons dependent on the Provider, paid access shall be considered provided properly and accepted without reservation. 5.1.5. Content of Objections. Client objections regarding non-provision of access must contain a description of the identified problem, the date and time of its discovery, and, upon Provider request, supporting materials (screenshots, screen video recording, description of user actions). 5.1.6. Risk of Non-Receipt of Notification. Non-receipt of a notification by the Client due to the indication of an incorrect e-mail address, failure to check the mailbox, the message landing in "Spam," restrictions on the side of the Client's e-mail service, or other circumstances beyond the Provider's control, does not constitute non-provision of access.

5.2. Account Creation, Account Owner, and Roles. 5.2.1. Access to the Platform is provided within the Client Account. Upon creation of the Account, the Client Account Owner is defined, who holds the primary management role. 5.2.2. Unless otherwise configured in the Platform, the Client Account Owner makes decisions regarding:

• a) selection and modification of the Tariff;

• b) management of Client Users (invitation, deactivation, role assignment);

• c) access to billing, invoices, payment notifications, and Account financial information;

• d) payment for Subscriptions, Add-ons, and other paid options;

• e) other management actions provided for by the Agreement, Pricing Rules, and the Platform interface. 5.2.3. The Client shall appoint at least one Client Administrator who manages users, roles, settings, and integrations to the extent determined by the Client Account Owner and/or the Platform interface. The Client Administrator may be the same person as the Client Account Owner. 5.2.4. Actions of the Client Account Owner and Client Administrator are considered actions of the Client (see cl. 4.8).

  5.3. Client Users. Access is provided to individuals – employees and/or engaged contractors of the Client, acting under the Client’s control. The Client ensures that such persons comply with the Agreement, AUP, and applicable law.

  5.4. Named Access and Prohibition of Sharing. Each user account is tied to one specific user and may not be shared/used jointly. Group/shared accounts are not permitted, except for service accounts for integrations, where expressly allowed by the Provider.

  5.5. Seats/Licenses and Limits. The number of active users, projects, integrations, and other limits are determined by the selected Tariff and Subscription parameters. Exceeding limits is only possible through an upgrade or separate agreement (see cl. 3.7).

  5.6. Authentication and Security. The Client ensures compliance with information security requirements, including: 5.6.1. use of strong passwords and, where available, multi-factor authentication (highly recommended for the Client Account Owner); 5.6.2. maintaining currentness of user data, timely deactivation of terminated/unauthorized users; 5.6.3. protection of devices and networks from which access is carried out; 5.6.4. keeping keys/tokens/passwords confidential and immediate notification of their compromise.

  5.7. SSO and Authentication Integrations. When using SSO (e.g., Google), the Client is responsible for the correctness of its provider settings, password/MFA policy on the provider's side, user lifecycle management, and timely revocation of rights.

  5.8. API Access. If API access is provided, tokens/keys are confidential and must not be transferred to third parties other than contractors under the Client's control. The Client is obligated to comply with technical restrictions (rate limits, request sizes, etc.) and other terms.

  5.9. Administration and Principle of Least Privilege. The Client is obligated to assign roles according to the "minimum necessary access" principle, regularly review rights, and maintain accounting of service and integration accounts.

  5.10. Responsibility for Content and Actions. The Client is responsible for all actions in the Account, including uploading Client Data, launching Activities, forming questionnaires, and working with Modules, as well as for compliance with third-party rights and AUP/DPA requirements.

  5.11. Suspicion of Compromise. Upon suspicion of unauthorized access, the Client must immediately: (i) change passwords/revoke tokens; (ii) deactivate compromised accounts; (iii) notify the Provider. The Provider is entitled to temporarily suspend access until risks are eliminated (see Section 20).

  5.12. Logs and Audit. The Platform may maintain technical logs (authentication, parameter changes, security events) for security and support purposes. Log storage and availability periods are determined by the Tariff and SLA.

  5.13. Access Restriction and Blocks. The Provider is entitled to restrict or block access for individual users/integrations in the event of: (i) a violation of the AUP or law; (ii) a security threat; (iii) payment arrears (see Sections 9 and 20). Justified restrictions are not considered a breach of the Provider’s obligations.

  5.14. Deactivation and Deletion. The Client Account Owner independently manages the user lifecycle (activation/deactivation). Data deletion and export upon termination are regulated by Section 20 and current Platform settings.

  5.15. Client Contractor Access. The Client is entitled to provide access to its contractors exclusively for providing services to the Client and under its control and responsibility. Any "outsourced" use of the Platform in the interest of third parties (not the Client) is prohibited without separate Provider consent.

  5.16. Trial Functions. During trial use, use of test environments, and beta functions, the Client must not upload sensitive personal data unless expressly permitted by the Provider. Trial functions are provided "as is" (see Section 6).

  5.17. AUP Compliance. All use of the Account and access to the Platform are subject to the Acceptable Use Policy (AUP) https://www.gro.now/legal/acceptable-use-policy. The Provider may require the Client to implement reasonable measures (multi-factor authentication, key rotation, password policy) to mitigate risks.

6. Account Lifecycle and Archive Mode

6.1. Scope of Application. This Section regulates access modes to the Client Account, inactivity terms, Archive Mode, functional restrictions, storage, export, and deletion of data, restoration, and final deactivation of the Account. Commercial consequences of changing the access mode (including transfer to the Free Tariff or Archive Mode upon non-payment, restoration after payment, and other settlement issues) are determined by the Pricing Rules.

6.2. Grounds for Transfer to Archive Mode. A Client Account may be transferred to Archive Mode in the following cases:

• a) expiration of the Demo Access term, if the Provider has not directly indicated a different transition mode;

• b) termination of a paid Subscription in the absence of payment for the next period, if the Free Tariff is unavailable for the respective category of Clients;

• c) prolonged Client inactivity on the Free Tariff;

• d) other cases directly provided for by this Agreement or the Pricing Rules.

  6.3. Inactivity. Inactivity is recognized as a situation where no Client User has logged into the Account or performed significant actions in the Platform (logging in, launching Activities, creating or editing objects, using the API) for 90 continuous calendar days, unless a different term is directly specified by the Provider in the Platform interface, a notification, or an Individual Document. The Provider is entitled to send the Client Account Owner a notification of an approaching transfer to Archive Mode no later than 15 calendar days before such transfer.

  6.4. Contents of Archive Mode. In Archive Mode:

• a) the Client Account is preserved; the Client Account Owner (and, if configured, other users with read-only access) may log into the Platform to view previously created data and Results;

• b) the creation of new objects (Surveys, Activities, questionnaires, projects, integrations), launching of Activities, and other active use of the Platform are restricted;

• c) data export may be restricted or unavailable, unless otherwise directly provided for by the Provider;

• d) integrations, API access, automatic mailings, webhooks, and other functions associated with active use are suspended;

• e) the SLA and service credits do not apply to an Account in Archive Mode;

• f) the Provider is not obligated to provide technical support, except for issues regarding access restoration and data export (if export is available).

  6.5. Restriction of Export and Integrations. The Provider is entitled to restrict or suspend data export, integration functionality, and API access in Archive Mode. If data export is available in Archive Mode, the Provider shall indicate this in the Platform interface or a notification. The Client is responsible for the timely export of data before the Account is transferred to Archive Mode.

  6.6. Data Storage Period in Archive Mode. Client Data is stored in Archive Mode for 90 calendar days from the date of transfer to Archive Mode, unless a different term is directly specified by the Provider in the Platform interface, a notification, or an Individual Document. Upon expiration of the specified term, the Provider is entitled to delete or anonymize Client Data and Results in the manner provided for by cl. 9.9, the DPA, and the Provider’s internal procedures.

  6.7. Restoration from Archive Mode. The Client is entitled to restore active access to the Account from Archive Mode by:

• a) paying for a Subscription or another paid Tariff — in which case the Provider shall restore the paid access mode after payment confirmation in the manner provided for by the Pricing Rules; or

• b) transitioning to the Free Tariff (if such tariff is available for the respective category of Clients) through the Platform interface. Restoration is only possible within the data storage period (cl. 6.6). After data deletion, restoration of the Account with the previous data is impossible.

  6.8. Preliminary Deactivation. If, after expiration of the data storage period in Archive Mode (cl. 6.6), the Client has not restored access, the Provider is entitled to send the Client Account Owner a notification of the upcoming final deactivation of the Account and data deletion no later than 30 calendar days before such deactivation.

  6.9. Final Deactivation and Deletion. The Provider is entitled to finally deactivate the Client Account and delete or anonymize Client Data and Results if:

• a) the data storage period in Archive Mode (cl. 6.6) has expired and the Client has not restored access; or

• b) the Agreement is terminated on the grounds of Section 19 and the export window period (cl. 20.7.2) has expired. Deletion is performed from active systems; technical backup copies may be preserved and deleted according to the Provider's backup lifecycle and in the manner provided for by the DPA. After final data deletion, the Provider cannot restore them upon Client request.

  6.10. Provider’s Right to Modify or Terminate Free Access Mode. The Provider is entitled at any time to modify, restrict, or completely terminate the provision of the Free Tariff and/or Archive Mode for all or specific categories of Clients. In the event of complete termination of the free access mode, the Provider shall send affected Clients a notification at least 30 calendar days in advance with the option to export data or transition to a paid Tariff. Upon expiration of the specified term, the Account shall be subject to final deactivation if the Client has not transitioned to a paid Tariff.

  6.11. Interaction with Pricing Rules. Commercial consequences of transferring an Account to the Free Tariff or Archive Mode (including recalculation, cessation of charges, restoration after payment, and other settlement issues) are determined by the Pricing Rules. This Section regulates the access mode, functional restrictions, and data lifecycle.

7. Terms of Use for Trial Functions, Demo Access, and the Free Tariff

7.1. General Principle. Trial functions (including trial, beta, preview, pilot, early access), Demo Access, and the Free Tariff are provided under the terms defined by the Pricing Rules. This Section establishes the framework principles applicable to such access modes.

7.2. Provision "As Is." Trial functions, Demo Access, and the Free Tariff are provided on an "as is" and "as available" basis without any express or implied warranties, including warranties of merchantability, fitness for a particular purpose, non-infringement, and accuracy of results (see Section 17). The Provider is not obligated to provide support for such modes; the SLA and service credits do not apply to them.

7.3. Data and Risk of Loss. Data and settings entered by the Client within Trial Functions or Demo Access may be irretrievably lost upon expiration of the respective period if the Client does not formalize a paid Subscription or perform an export using available Platform tools. The Client agrees not to upload special categories of personal data into Trial/beta environments unless directly permitted by the Provider and formalized in the DPA.

7.4. Modification and Termination. The Provider is entitled at any time to modify, restrict, suspend, withdraw, or terminate Trial Functions, Demo Access, or the Free Tariff in full or in part without compensation. Temporary access to a function does not create a right for the Client to demand its preservation, free provision in the future, or inclusion in a paid Tariff.

7.5. Liability. To the maximum extent permitted by law, Provider liability for Trial Functions, Demo Access, and the Free Tariff is excluded; the Client’s sole remedy is to cease use (see also Sections 17 and 18).

7.6. Applicable Terms. The AUP, DPA, and other applicable provisions of the Agreement (including Sections 11, 12, 13, 15, 22) apply to Trial Functions, Demo Access, and the Free Tariff. Detailed terms, including periods, the transition procedure after Demo Access expiration, the distinction between the Free Tariff and Demo Access, and data and results restrictions, are determined by the Pricing Rules.

8. Tariffs and Subscription

8.1. Plans and Access Volume. Access to the Platform is provided via a subscription model within a selected Tariff, the parameters of which (functions, limits, user types, quotas, etc.) are published on the Tariff Page and are considered included in the Agreement. Tariff types and their parameters, limit calculation rules, and other commercial terms are determined by the Pricing Rules.

8.2. Subscription Term and Auto-renewal. A Subscription is formalized for a fixed term specified in the Invoice, Order, or Individual Document. Unless otherwise directly stated, the Subscription automatically renews for the next Settlement Period. Auto-renewal terms, the procedure for its cancellation, deadlines, and consequences of cancellation are determined by the Pricing Rules.

8.3. Limits and Usage Accounting. The number of active Users/seats, as well as other limits, are determined by the selected Tariff and/or Individual Document. Limit types, the calculation procedure, unit accounting rules, actions upon reaching limits, Excess Usage terms, and period-based accounting rules are determined by the Pricing Rules. Actual usage is measured by Platform System Data.

8.4. Subscription Modification (Upgrade/Downgrade). The Client is entitled to request a change in Tariff, number of seats, limits, or Add-on composition. The procedure for upgrading and downgrading, the effective date of changes, the recalculation procedure (incl. for long-term pre-paid Subscriptions with a discount), the obligation to bring usage into compliance, and other terms are determined by the Pricing Rules.

8.5. Add-ons and Additional Options. Individual functions, quotas, modules, and other expansions may be provided as Add-ons under terms defined by the Pricing Rules. The Add-on term follows the Subscription term or is fixed separately in the Invoice, Order, or Individual Document.

8.6. Marketing Bonuses and Special Options. The Provider is entitled to provide the Client with Bonuses, special options, temporary expansions, bonus support hours, methodologist consultations, and other benefits. Bonuses are not included in the mandatory Tariff composition, are provided at the Provider's discretion, and may be modified or terminated. Provision terms, volume, timing, and rules for Bonuses are determined by the Pricing Rules.

8.7. Modification of Tariff Parameters. The Provider is entitled to change the composition of Tariffs, functions, and limits for future periods. For more details, see the rules in Section 27 below.

8.8. Usage Accounting and Absence of Acts. 8.8.1. The Platform maintains accounting of events, requests, volumes, and other metrics to calculate compliance with limits. Such data may be used for billing, reporting, and the application of AUP/SLA measures. 8.8.2. Acceptance certificates (Acts) for services rendered are not drafted or signed within a standard Subscription, unless otherwise directly agreed by the parties. Platform System Data serves as confirmation of the volume and fact of Service provision in the manner determined by the Pricing Rules. 8.8.3. Usage reports are generated by Platform tools and are available in the personal account. Platform System Data is definitive in any dispute regarding usage volume, unless the Client provides credible evidence of a manifest technical error.

9. Prices, Settlements, and Taxes

9.1. Fee and Currency. The cost of Subscriptions, Add-ons, Excess Usage, and other paid options (collectively – the "Fee") is determined by the Invoice, Order, Individual Document, and/or Tariff Page. Unless otherwise directly stated, prices do not include taxes. Detailed rules for determining price, currency, conversion, invoice composition, rounding, and other settlement parameters are determined by the Pricing Rules.

9.2. Invoicing and Payment Procedure. Access to the Platform is generally provided on a pre-payment basis. The procedure for issuing Invoices, methods of delivery, payment and Invoice validity terms, consequences of late payment, the procedure for activating access after payment, and other settlement procedures are determined by the Pricing Rules. In the absence of payment within the established term, access shall not be activated or may be suspended until funds are received.

9.3. Volume and Quality Disputes. The Client is entitled to send a motivated claim regarding the volume or quality of the Service within 3 business days of the end of the respective reporting month. In the absence of a motivated claim within the specified term, the Service for the reporting month shall be considered provided properly. In a dispute regarding usage volume, Platform System Data is definitive, unless the Client proves the presence of a manifest technical error.

9.4. Taxes and Withholdings. 9.4.1. Prices are stated without VAT and other taxes; where applicable, they are charged over the price and paid by the Client. 9.4.2. Payments are made without withholdings or deductions. If the Client’s law requires tax withholding at the source, the Client shall increase the payment (gross-up) so that the Provider receives the full amount, and shall provide supporting documents. 9.4.3. Upon Client request, the Provider may provide a tax residency certificate for the purposes of applying double taxation avoidance treaties (where applicable). 9.4.4. Detailed rules regarding the tax regime, currency, conversion, bank commissions, electronic invoices, and special conditions for specific jurisdictions are determined by the Pricing Rules.

9.5. Additional Services and Excess Usage. Payment for Add-ons, additional services (incl. under Addenda/Orders), and Excess Usage is carried out in the manner determined by the Pricing Rules. Unpaid options shall not be launched; late payment may result in suspension under cl. 8.2.

9.6. Prohibition of Set-off. The Client is not entitled to withhold or offset amounts unilaterally, except in cases directly provided for by party agreement.

9.7. Refunds and Service Credits. Cash refunds for paid periods are provided only in cases directly provided for by the Pricing Rules, an Individual Document, or mandatory provisions of law. Refund calculation formulas (incl. for long-term Subscriptions with a discount), the form and timing of refunds, as well as the offset procedure, are determined by the Pricing Rules. Compensation for SLA breaches takes the form of service credits (see SLA), which are not convertible to cash and are offset against future payments.

9.8. Settlement Currency and Rates. Rules for determining currency, conversion, applicable rates, and distribution of bank commissions are determined by the Pricing Rules. Only the amount actually credited to the Provider in the Invoice currency is accepted for settlement.

9.9. Anti-fraud and Payment Compliance. The payer under an Invoice must be the Client itself or its affiliate directly specified in the Order. The Provider is entitled to refuse payment from another person until grounds are confirmed and/or to request KYC/AML information within reasonable limits.

9.10. Priority. Special terms regarding price/payment/indexation agreed upon in a Contract/Addendum/Order shall take priority over this Section. The Pricing Rules supplement this Section and apply in parts not regulated by an Individual Document.

10. Acceptable Use

10.1. AUP as Part of the Agreement. Use of the Platform is regulated by the Acceptable Use Policy (AUP), posted at https://www.gro.now/legal/acceptable-use-policy, which is an integral part of the Agreement.

10.2. Base Prohibitions. The Client and its Users agree not to: 10.2.1. violate the law or third-party rights, upload/process illegal content; 10.2.2. attempt to bypass technical restrictions, conduct unauthorized access, or penetration tests without consent; 10.2.3. perform reverse engineering, de-obfuscation, scraping, or automated data collection outside the functions provided by the Platform; 10.2.4. transfer access to third parties, share user accounts or tokens; 10.2.5. exceed established limits and quotas, or abuse API/integrations.

10.3. Monitoring and Measures. The Provider is entitled to use reasonable technical monitoring tools for AUP compliance, and in the event of a violation – to restrict/suspend access (in full or in part) until violations are eliminated (see Sections 5, 20), as well as to request explanations and corrective measures.

10.4. AUP Priority. In the event of a discrepancy between this Section and the AUP, the AUP shall prevail. AUP updates are published at https://www.gro.now/legal/acceptable-use-policy and apply in the manner set out in Section 27.

11. Data and Results

11.1. Definitions (for the purposes of this section) 11.1.1. Client Data – any data, materials, and information (incl. personal data) uploaded/provided by the Client to the Platform or received from integrations connected at the Client’s choice. 11.1.2. Open Source Data – information aggregated by the Platform from publicly available Internet sources, including but not limited to review systems, navigators, media/articles, social networks, competitor sites, and other public resources. 11.1.3. Data Owners – individuals/legal entities holding rights to the respective sources from which Open Source Data enters the Platform. 11.1.4. Results – any reports, visualizations, indicators, and other output materials generated automatically by the Platform based on Client Data and/or Open Source Data.

11.2. Data Rights and Licenses 11.2.1. Client Ownership Right. All rights to Client Data are retained by the Client. The Provider does not acquire any rights to them, except for the limited license under cl. 11.2.3. 11.2.2. Data Owners' Rights. Rights to Open Source Data belong to the respective Data Owners; the Platform processes only publicly available information within the limits allowed by law and platform rules. 11.2.3. License to Provider. The Client grants the Provider a non-exclusive, royalty-free license, limited by the purpose and term of the Agreement, to use Client Data solely for: (i) provision and support of the Services; (ii) improvement of Service performance (for details see cl. 11.7); (iii) ensuring security/backup; (iv) fulfillment of legal/regulatory requirements where a legal basis exists. 11.2.4. Results. Unless otherwise directly stated in an order/addendum, rights to Results (as a set of automatically generated materials), excluding Provider materials/IP (source code, models, algorithms, templates), belong to the Client.

11.3. Data Collection and Processing 11.3.1. Client Data. The Client guarantees the legality of uploading/use, the presence of all necessary rights/grounds (including subject consents where necessary), and compliance with the AUP/applicable law. 11.3.2. Open Source Data (Aggregation). The Provider carries out automated collection, aggregation, and processing of Open Source Data, including the use of AI technologies and filtration/"cleaning." The Provider applies reasonable efforts to the quality of processing but does not guarantee absolute reliability, completeness, or currentness of such data; they are provided "as is." 11.3.3. Independence from Sources. The Provider does not control the availability and composition of Open Source Data; suspension of data access/modification/deletion of information by Data Owners is not a breach by the Provider and is not a degradation of the quality or completeness of the Services.

11.4. Restrictions, Publication, and External Use 11.4.1. Internal Use. The Client uses Data (including Results) exclusively for its own internal needs. 11.4.2. Compliance with Data Owners' Restrictions. The Client agrees to independently comply with all legal/technical restrictions of Data Owners (consent for use, terms of use, robots.txt, etc.).

11.5. Reliability, Liability, and "As Is" Condition 11.5.1. The Provider is not liable for: (i) errors/inaccuracies/distortions in Open Source Data; (ii) consequences of Client decisions made based on Results. The Client independently verifies the suitability of Results for its purposes. 11.5.2. The Provider is entitled to suspend or restrict access to specific data/functions if:

• a) the Data Owner has introduced restrictions;

• b) access to sources is suspended/terminated;

• c) the Client violates the Agreement or the rules of respective sources;

• d) it is necessary for compliance with the law/protection of third-party rights.

  11.6. Export, Storage, and Deletion 11.6.1. Export. During the Subscription term, the Client is entitled to export Results and, where provided for by functionality – copies of Client Data, in supported formats. 11.6.2. Storage and Backups. The Provider ensures storage and backup in the volume necessary for providing Services and fulfilling the SLA; technical backups are stored for a limited time and then overwritten. 11.6.3. Deletion/Anonymization. Upon request of the Client Account Owner, the Provider deletes/anonymizes data within functional/legal possibilities. Procedure upon termination – Section 20.

  11.7. Use for Service Improvement. By default, the Provider does not use the content of Client Data/Results to improve Services in a form that allows for the identification of the Client/subjects. Use of anonymized aggregated metrics (performance indicators, error types) for monitoring quality/security is permitted.

  11.8. System Data and Usage Accounting. The Platform may collect telemetry, authentication/event logs, performance metrics, and consumption accounting (for billing, SLA, AUP, and support). These data do not include the content of Client Data, unless resulting from an incident/support request.

  11.9. Third-Party Claims and Indemnification. In the event of claims from Data Owners/third parties related to the Client's use of Results/Data contrary to the Agreement or source terms, the Client shall, upon request, provide documents/explanations, and shall indemnify the Provider for reasonable losses, fines, and expenses (including defense costs) in a volume compatible with Section 19.

  11.10. Content Restrictions. It is prohibited to upload/process data categories in the Platform that are forbidden by the AUP or directly restricted by law/documentation (e.g., highly sensitive PD – unless functionally provided for and under a separate agreement).

  11.11. Security Incidents. Upon a confirmed Security Incident affecting Client Data or Client confidential information, the Provider acts according to notification and response procedures established in the DPA and security policies, and takes reasonable measures to restore integrity/availability.

  11.12. Form of Analytics Provision. The Provider provides analytical materials exclusively within the Platform interface; they are generated in an automated mode and are not subject to manual refinement or provision as separate documents, unless otherwise directly provided for by an Addendum/Order.

12. Confidential Information and Personal Data

12.1. Confidential Information (CI): Definition. CI means any non-public information disclosed by one Party to another orally, in writing, in electronic form, or through the Platform, marked as "confidential" or obviously being such by the nature and circumstances of disclosure (incl. business plans, finances, technology, architecture/models/algorithms, source code, keys/tokens, user data, transaction terms/prices, security, Client Data, and Results).

12.2. Exceptions. Information is not recognized as CI if it:

• a) has become publicly available without a breach of the Agreement;

• b) was already lawfully known to the receiving Party prior to disclosure;

• c) was received from a third party without restriction and without a breach of its obligations;

• d) was developed by the receiving Party independently without use of the disclosing Party's CI.

  12.3. Obligations Regarding CI. The receiving Party agrees to:

• a) use CI exclusively for the purposes of performing this Agreement;

• b) not disclose CI to third parties without prior written consent of the disclosing Party, except for permitted contractors/sub-processors engaged for performance and bound by equivalent confidentiality obligations;

• c) ensure a regime of "no less than reasonable" level of protection (and, where applicable, no less than standard industry security measures);

• d) allow access to CI only to employees/contractors on a need-to-know basis and not use CI to the detriment of the disclosing Party.

  12.4. Confidentiality Term. The Parties shall observe the confidentiality regime regarding CI for 3 years from the moment of each actual disclosure/transfer of respective CI.

  12.5. Forced Disclosure. In the event of a requirement by law/act of a state body to disclose CI, the receiving Party (within permissible limits) shall promptly notify the disclosing Party and disclose only that part of the CI that is necessary, taking reasonable measures to preserve the confidential regime (incl. petitioning for closed consideration/protective order).

  12.6. Return/Deletion. Upon request of the disclosing Party or upon termination of the Subscription, the receiving Party shall return or delete the CI within a reasonable term, except for: (i) backup copies deleted according to the backup lifecycle; (ii) archive copies preserved for the purposes of legal compliance/internal reporting while continuing to observe the confidentiality regime.

  12.7. Breach and Remedies. A breach of the CI regime may cause irreparable harm; in addition to recovering losses, the disclosing Party is entitled to seek an injunction/other preventive remedy without the need to prove the inadequacy of monetary compensation.

  12.8. Priority of Separate NDA. The Parties may conclude a separate Non-Disclosure Agreement (NDA). In the event of a conflict between this Section and a signed NDA, the terms of the NDA shall prevail, but only in the part directly regulated by it.

  12.9. Personal Data. 12.9.1. If personal data are processed during use of the Platform, the Parties are guided by the DPA (https://www.gro.now/legal/dpa) and the Privacy Policy (https://www.gro.now/legal/general-privacy-policy). Roles: Client – operator/controller, Provider – processor (where applicable). 12.9.2. Security procedures, incident notifications, cross-border transfers, and sub-processing are regulated by the DPA. 12.9.3. Nothing in this Section restricts the Parties' obligations under the DPA and applicable PD law; in the event of a conflict, the DPA shall prevail regarding PD.

13. Security and Incidents

13.1. Approach and Distribution of Obligations. Security is ensured via a shared responsibility model: 13.1.1. The Provider is responsible for the security of the Platform and the cloud infrastructure on which it is hosted (perimeter, computing resources, networks, storage, backup, logs, monitoring, and response tools). 13.1.2. The Client is responsible for the security of its Account and users (access/role management, SSO/MFA, password policy, protection of end devices/networks, secure use of API and integrations), as well as for the legality of uploaded data.

13.2. Technical and Organizational Measures (TOMs). The Provider maintains and regularly updates a reasonable set of security measures, including at a minimum: 13.2.1. data encryption in transit (TLS) and at rest (at the level of storage/key cloud services); 13.2.2. access control according to the "least privilege" principle, role differentiation, multi-factor authentication for administrative access; 13.2.3. environment segmentation, secret/key management, token rotation; 13.2.4. logging of authentication/access/significant system events and their monitoring; 13.2.5. backup and periodic restoration checks; 13.2.6. secure development and change management (code review, vulnerability analysis, managed releases); 13.2.7. risk assessment and management, personnel training on security and confidentiality.

13.3. Audits and Standards. The Provider may undergo external checks/assessments (e.g., against industry standards) and, upon Client request, provide summary reports/certification letters and a list of key controls under NDA. Provision of source artifacts and access to Provider environments is not carried out.

13.4. Penetration Testing and Scanning. Unauthorized scanning/pen-testing of the Platform by the Client is prohibited. Testing is allowed only with prior written consent from the Provider, according to a coordinated window and methodology, without access to other clients' data.

13.5. Incident Notification. Upon a confirmed Security Incident affecting Client Data or Client confidential information, the Provider shall notify the Client without undue delay (target benchmark – within 72 hours of incident confirmation) with an indication of available information regarding the nature, scale, taken, and planned measures. Additional notifications and interaction are carried out in accordance with the DPA and applicable law.

13.6. Reaction and Impact Mitigation. The Provider is entitled to temporarily suspend specific functions/Client access if necessary for the localization/neutralization of an incident or elimination of a critical vulnerability, with subsequent restoration of functionality as risks are mitigated (see Section 20 and SLA https://www.gro.now/legal/sla).

13.7. Notification and Coordination. The Parties shall appoint contact persons for the exchange of operational information regarding incidents. The Client agrees to:

• a) promptly report identified vulnerabilities/suspicious activities in its Account;

• b) follow reasonable Provider instructions to mitigate risks (including enabling MFA, revoking tokens, changing passwords);

• c) maintain the confidentiality of incident details until official communications.

  13.8. Client Responsibility for Accounts. All actions performed using Client accounts, keys, and integrations are considered actions of the Client. The Client is obligated to promptly deactivate access for terminated/unauthorized persons and to revoke compromised keys/tokens (see cl. 5.6, 5.11).

  13.9. Business Continuity and Recovery. The Provider maintains measures to ensure business continuity and recovery after failures (BCP/DR), including backup of critical components and a service restoration procedure within reasonable timeframes agreed upon in the SLA.

  13.10. Vulnerabilities and Responsible Disclosure. The Provider maintains a triage/remediation process for vulnerabilities. We ask that identified vulnerabilities be reported to the Provider's specified security channel; public disclosure is allowed only after a coordinated term/remediation with the Provider, so as not to create risks for the Client and other users.

  13.11. Sub-processing and Vendors. Engagement of sub-processors and cloud providers is permitted subject to compliance with comparable security measures and the DPA. The current list is formalized as a separate addendum to the DPA; the Provider conducts reasonable checks of key providers and monitors compliance with contractual security requirements.

  13.12. Logs and Storage. Storage periods for access/event logs and the format of their provision to the Client (if applicable) are determined by Platform functionality, documentation, and the SLA. Access to "raw" infrastructure logs may be restricted for security and privacy reasons of other clients.

  13.13. Limitations of Liability and Interaction with DPA. This section regulates Platform security and Party interaction during incidents. The procedure for personal data processing, notification of subjects/regulators, and other PD requirements are regulated by the DPA; regarding PD, the DPA terms shall prevail.

14. SLA and Support

14.1. SLA Applicability. Service levels are regulated by the SLA document (https://www.gro.now/legal/sla), which is an integral part of the Agreement and applies within the paid Subscription and selected plans/tariffs.

14.2. Availability and Metrics. Target indicators (service availability, reaction/recovery time, incident prioritization, uptime measurement) are defined in the SLA. Measurement is carried out according to Provider logs and monitoring.

14.3. Service Credits (Sole Remedy). For deviations from target indicators, service credits are provided, the calculation and application procedure for which is established in the SLA. Service credits are the sole and exclusive remedy for SLA breaches and are not convertible to cash.

14.4. Exclusions. The SLA does not apply to:

• (i) scheduled maintenance windows announced according to SLA rules;

• (ii) cases caused by Client violation of the AUP/Agreement;

• (iii) failures in third-party services/infrastructure of the Client/Internet providers;

• (iv) Trial Functions and test environments;

• (v) circumstances of force majeure.

  14.5. Credit Request Procedure. To receive a service credit, the Client sends a request within the terms and in the manner specified in the SLA, indicating affected intervals and supporting data. Missing the request submission deadline forfeits the right to credit for the respective period.

  14.6. Support. Channels, business hours, support languages, request prioritization, target reaction times, and escalation are specified in the SLA (https://www.gro.now/legal/sla). Requests regarding security/incidents are submitted to the dedicated channel (see Section 13).

  14.7. Scheduled Work. The Provider is entitled to conduct routine work in agreed-upon windows. Notifications are published in advance in the manner established by the SLA (and, if necessary, in the Platform interface).

  14.8. Interaction with Other Documents. In the event of a conflict between this Section and the SLA, the SLA shall prevail; billing issues for service credits are regulated by Section 9 and the Pricing Rules (https://www.gro.now/legal/pricing-rules).

15. Integrations and Third-Party Services

15.1. General Provisions. The Platform may interact with third-party services and providers (including authentication/SSO providers, schedulers, payment services, content storage/delivery systems, analytical tools, as well as Large Language Model – LLM providers). Such services are not controlled by the Provider and are provided under the terms of the respective third parties.

15.2. LLMs and Generative Components. 15.2.1. Certain Platform functions use third-party LLMs (as sub-processors/technology providers) for analysis, summarization, text generation, and other operations. 15.2.2. Transfer of input data (prompts/content/metadata) to such providers is carried out only in the volume necessary for the operation of the respective function and within the framework of the DPA and the sub-processor list (formalized as an addendum to the DPA). 15.2.3. By default, the Provider does not use Client Data to train external models; training is permitted only on anonymized aggregated metrics or with a separate Client opt-in. 15.2.4. LLM outputs are probabilistic and may contain inaccuracies; the Client is obligated to conduct reasonable verification and not rely on them as legal, medical, financial, or other professional advice.

15.3. Connecting Integrations at Client’s Choice. When connecting external integrations (including SSO, calendars, CRM, storage), the Client confirms possession of rights to transmit data to such services, independent compliance with their terms, and setup of privacy/security parameters. The Client bears risks associated with incorrect integration setup on its side.

15.4. Liability and Restrictions. The Provider is not responsible for:

• a) the availability/quality/changes of third-party service functionality (including LLM providers);

• b) consequences of changes to their API/quotas/policies;

• c) incidents caused by failures/restrictions on the side of such services. However, the Provider takes reasonable measures for replacement/workarounds if commercially reasonable.

  15.5. Provider Changes and Replacements. The Provider is entitled at any time to replace, add, or disconnect a specific integration/vendor (including LLMs) if this does not lead to a significant degradation of the base functional scope under the active Subscription. The list of key sub-processors is formalized as an addendum to the DPA; changes are published in the manner specified in the DPA.

  15.6. Cross-border Processing. The use of specific providers (including LLMs) may involve cross-border data transfer. Such transfer is carried out under the legal mechanisms provided for by the DPA and applicable law; upon Client request, the Provider provides information regarding respective jurisdictions and vendors.

  15.7. Data Minimization and Masking. The Provider implements principles of minimization and, where functionally available, masking/anonymization of input data during LLM calls. The Client agrees not to transmit personal data and other sensitive information in prompts/content unless necessary to achieve the processing goal and provided for by functionality/contract.

  15.8. Licenses and Third-Party Rights. When using materials from external sources within integrations, the Client ensures possession of necessary rights/licenses and compliance with Data Owners' requirements (see Section 11). Publication/distribution of materials outside the Client's internal needs is permitted only subject to compliance with the terms of respective sources and the Agreement.

  15.9. Integration Security. Technical protection measures during data exchange with third-party services include encryption in transit and access control with tokens/keys. The Client is obligated to keep integration keys/secrets confidential and immediately revoke compromised keys. The Provider is entitled to temporarily block an integration upon suspicion of compromise (see Sections 5 and 13).

  15.10. Disconnection Upon Request. Upon the Client's reasoned request, the Provider may disconnect the use of specific integrations/providers (including LLMs) within the limits permissible by Platform architecture and commercial expediency. Such disconnection may result in functional limitation.

  15.11. Document Priority. Regarding personal data processing and sub-processors, the DPA and sub-processor page shall prevail; in the event of a conflict between this Section and the terms of a specific integration/order – the signed document shall prevail.

16. Intellectual Property

16.1. Provider’s Rights to the Platform. All rights to the gro.now Platform and its components – including, without limitation, software code, architecture, models/algorithms (incl. AI models), data schemes, design/UX, documentation, templates, SDK, API, as well as knowledge bases and other materials created or lawfully acquired by the Provider – belong to the Provider or are used by it on lawful grounds. This Agreement does not transfer any exclusive rights to such objects to the Client.

16.2. License to the Client for the Subscription Term. For the term of the paid Subscription, the Provider grants the Client a limited, non-exclusive, non-transferable license, without the right to sublicense, to access and use the Platform strictly in the volume of the selected plan, AUP, and other documents (cl. 1.5). Any use outside the specified volume requires separate written Provider consent.

16.3. Client Data and Results. Rights to Client Data and Results belong to the Client in accordance with Section 11. However, neither Client Data nor Results grant the Client rights to the Provider's IP objects (source code, models, algorithms, templates, etc.), even if the Results are generated by Platform tools.

16.4. Customizations and Task-Based Developments. Developments, modifications, and integrations performed by the Provider under an Addendum/Order belong to the Provider, unless otherwise directly agreed in such document. The Client is granted a license to use the results of such work within its business goals and integration with the Platform. If the Parties want a different distribution of rights (e.g., assignment/co-ownership), this is recorded in the text of the Addendum/Order.

16.5. Feedback. The Client may send comments, ideas, or improvement suggestions. The Client grants the Provider a royalty-free, irrevocable, perpetual, and worldwide license to use such feedback for Platform development/improvement without an obligation for attribution or any payments to the Client.

16.6. IP-Related Prohibitions. Without prior written Provider consent, the Client is not entitled to:

• a) copy, modify, adapt, distribute, or lease/rent the Platform or its parts;

• b) perform reverse engineering, decompilation, or bypass technical protection measures, except in cases directly permitted by law and the AUP;

• c) use the Platform and/or its results to train or improve its own models/systems intended for competing or similar functionality, or for benchmarking for the purposes of public publication without Provider consent;

• d) remove/modify copyright notices, trademarks, and other rights.

  16.7. Third-Party Components and Open Source. The Platform may include or use third-party components (incl. LLMs, open-source libraries). Such components may be subject to separate licenses/terms available via links in the documentation/interface. In the event of a conflict between such terms and this Agreement, the terms of the respective licenses shall apply – within the scope of using such components.

  16.8. Trademarks and Publicity. Trademarks, company names, and branding of the Parties are used only with their prior written confirmed consent, unless otherwise provided for by Section 23 (Publicity and Use of Marks).

  16.9. Limitation of Implied Rights. Except for rights expressly granted in the Agreement and/or orders, no licenses or rights are implied (including under the doctrine of estoppel). All rights not granted to the Client are explicitly reserved by the Provider.

  16.10. Residual Knowledge. Nothing in the Agreement prevents Provider employees/contractors from using non-confidential general knowledge, skills, and ideas retained in memory, provided that Client Confidential Information (Section 12) is not disclosed and the IP rights of the Client/third parties are not violated.

  16.11. Third-Party IP Infringement. The procedure for settling third-party claims of IP infringement by the Platform, as well as indemnification and remedies, are defined in Section 19 and this Section. The Provider may, at its choice: (i) modify the Platform; (ii) replace a component; (iii) obtain a license; or (iv) cease providing the affected functionality with a proportional payment adjustment (if applicable).

17. Warranties and Disclaimers

17.1. Mutual Base Warranties. Each Party represents and warrants that:

• (i) it is duly established and possesses the power to conclude and perform the Agreement;

• (ii) the person accepting terms/signing documents is authorized;

• (iii) performance does not violate mandatory rules of law and Party contracts.

  17.2. Provider's Limited Warranty. The Provider will provide access to the Platform and related Services with reasonable professional care and in substantial compliance with published documentation and the SLA. This warranty does not apply to:

• (i) use contrary to the Agreement/AUP/documentation;

• (ii) failures in third-party services/infrastructure of the Client/Internet;

• (iii) Trial Functions and test environments;

• ((iv) circumstances of force majeure.

  17.3. Disclaimer. 17.3.1. To the maximum extent permitted by law, the Platform, its functions (including generative/LLM components), Results (incl. those generated based on Open Source Data), and any related information are provided "as is" and "as available." 17.3.2. The Provider explicitly disclaims any express, implied, statutory, or other warranties, including without limitation warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy/completeness of data, and continuity/error-free operation outside the SLA. The Provider does not guarantee the achievement of any business results by the Client.

  17.4. LLMs and Analytics. LLM outputs and other AI results are probabilistic and may contain inaccuracies, bias, or omissions. They do not constitute legal, financial, medical, or other professional advice. The Client is obligated to check their suitability and correctness before using them in decision-making.

  17.5. Open Sources and External Services. Availability, composition, and quality of Open Source Data and functions of third-party services (including review services, listing sites, public maps, LLM/SSO/other integration providers) are not controlled by the Provider and may change or terminate without Provider fault. Relevant caveats and restrictions are set out in Sections 11 and 15.

  17.6. Client Warranties. The Client guarantees that:

• (i) it possesses all necessary rights to Client Data and its use in the Platform;

• (ii) it will comply with the Agreement, AUP, DPA, and applicable law;

• (iii) it will not rely on the Platform as a replacement for independent expertise/verification where required by law or the nature of a decision.

  17.7. Exclusive Remedy for Availability. For violations of service level indicators specified in the SLA, the sole remedy is service credits under the SLA (see Section 14); no other availability warranties are provided.

  17.8. Survival. The caveats of this Section shall act independently of Subscription/Agreement termination and supplement, but not replace, the provisions of Sections 11, 13–15, and 18.

18. Liability and its Limitations

18.1. General Rule. Each Party is liable for a breach of the Agreement within the limits established by this Section, only in the presence of fault and only for direct documentarily confirmed damage causally related to the breach and reasonably foreseeable at the time of Agreement conclusion.

18.2. Exclusion of Consequential Losses. The Provider is not liable for lost profit, loss of revenue/contracts/goodwill, business interruption, loss or corruption of data, or consequential, incidental, special, punitive, and other indirect losses, even if the Party was notified of the possibility of their occurrence, except in cases where such limitation is directly prohibited by applicable law.

18.3. Liability Cap. Each Party’s aggregate liability under the Agreement is limited to the amount of Fees actually paid by the Client under the Agreement for the 12 months immediately preceding the event causing liability (or if less than 12 months have passed – the amount paid for the actually elapsed period). 18.3.1. For trial/free access, the limit is 0 (zero), except in cases of intent or gross negligence. 18.3.2. All multiple claims/incidents in aggregate shall not exceed the specified limit.

18.4. Where the Liability Cap Does Not Apply. The limitation in cl. 18.3 does not apply to a Party's liability for:

• (i) intent or gross negligence;

• (ii) violation of obligations regarding confidential information (Section 12);

• (iii) confirmed violation of third-party IP rights by the Platform within the Provider's indemnification obligation described in cl. 19.1;

• (iv) violations of personal data requirements resulting from a Party’s breach of its DPA obligations;

• (v) undisputed debt amounts for rendered Services.

  18.5. Linked Documents and Sole Remedy. For SLA deviations, service credits under Section 14 shall apply, which are the sole remedy for service level indicator violations and are not combined with other compensations for the same periods/events.

  18.6. Third-Party Services and Open Sources. A Party is not liable for the inaccessibility/changes of third-party service functionality (incl. LLM, SSO, etc.) and/or for the composition/reliability of Open Source Data – see Sections 11 and 15. This restriction does not release the Parties from performing explicitly assumed DPA and security obligations.

  18.7. Damage Mitigation. Each Party is obligated to take reasonable measures to minimize damage. The Provider is entitled to apply workarounds/temporary recovery measures; their application is not considered a breach if it complies with the SLA/Agreement.

  18.8. Contributory Negligence and External Causes. A Party's liability is reduced proportionally to the fault/negligence of the other Party or the influence of circumstances beyond the control of the breaching Party (incl. third-party/source actions, Client/Internet infrastructure failures, force majeure – see Section 26).

  18.9. Form of Claims. Any claims for damages must be reasoned, contain a calculation and supporting documents, and be sent in accordance with Section 24. Undisputed parts are subject to payment in the general manner.

  18.10. Prevailing Nature of Restrictions. This Section applies regardless of the legal qualification of claims (contract, tort, etc.) and survives termination of the Agreement. If applicable law does not permit exclusion/limitation of liability – such exclusions/limitations shall apply to the maximum permissible extent.

19. Indemnification

19.1. Provider’s Indemnification Obligation. The Provider shall indemnify the Client for reasonable losses, expenses, and amounts under court decisions/settlement agreements (including reasonable legal costs) arising in connection with a third-party claim that the Platform, in its unmodified form, violates current IP rights of such third party in the applicable jurisdiction. 19.1.1. Remedies. In the event of such a claim, the Provider shall, at its choice and expense:

• a) modify or replace the respective functionality with a non-infringing equivalent; or

• b) cease provision of the affected functionality with the provision of a proportional credit/refund for the unused paid period (if applicable). 19.1.2. Exclusions. Indemnification is not provided if the claim is caused by:

• a) use of the Platform in combination with products/data/services not provided by the Provider;

• b) improper/unauthorized use contrary to the Agreement, AUP, and linked documents (see cl. 1.5);

• c) modifications performed not by the Provider;

• d) Trial Functions;

• e) third-party services/integrations or Open Source Data;

• f) Client materials (including Client Data, Results, Client publications).

  19.2. Client’s Indemnification Obligation. The Client shall indemnify the Provider for reasonable losses, expenses, and amounts under court decisions/settlement agreements (including reasonable legal costs) if a third-party claim is related to:

• a) Client Data, content of Surveys, questionnaires/scripts, Client publication/distribution of Results;

• b) Client violation of the AUP, applicable law, terms of sources/Data Owners, including restrictions on the use of Open Source Data (see Section 11);

• c) use of the Platform by third parties to whom the Client unlawfully provided access/allowed joint use of accounts or keys;

• d) claims from personal data subjects/regulators caused by Client breach of its DPA/statutory obligations;

• e) violation of third-party IP rights by Client materials or combinations/integrations performed by the Client.

  19.3. Procedure (Mandatory for both parties). The Party seeking indemnification is obligated to:

• (vi) immediately notify the other Party in writing of the claim (delay releases from liability to the extent of caused damage);

• (vii) grant exclusive control over defense and settlement to the Party obligated to indemnify (provided that a settlement imposing obligations/admitting fault on the other Party is allowed only with its written consent);

• (viii) provide reasonable assistance and documentation/data.

  19.4. Restrictions and Priorities. 19.4.1. Indemnification under cl. 19.1 is the sole and exclusive remedy for the Client regarding IP claims against the Platform. 19.4.2. Exclusions/liability limits of Section 18 apply, except for cases directly excluded from the limit (see cl. 18.4); however, the prohibition on recovering consequential losses (cl. 18.2) applies unless mandatory law dictates otherwise or agreed in writing. 19.4.3. Nothing in this Section restricts a Party’s right to preventive protection measures regarding confidential information (cl. 12.7).

  19.5. Consistency with Section 11 (Data Owners). For clarity: claims/restrictions originating from Data Owners or platforms due to Client use of Open Source Data and/or publication of Results outside internal needs are covered by the Client's indemnification obligation (cl. 19.2) and are regulated by Section 11 restrictions.

  19.6. Mitigation. Each Party agrees to cooperate in good faith to mitigate damage, take reasonable technical/organizational measures for risk mitigation, and not perform actions unreasonably increasing the potential indemnification volume.

20. Suspension and Termination

20.1. Grounds for Suspension (in full or in part). The Provider is entitled to temporarily suspend access to the Platform (Account, specific functions/integrations) upon the occurrence of any of the following grounds: 20.1.1. Non-payment: late payment for subscriptions or services. 20.1.2. AUP/Agreement Breach: use creating legal/security risks, violation of third-party rights, attempts to bypass restrictions, or unfair consumption. 20.1.3. Security Risks/Incident: confirmed or reasonably suspected compromise of credentials, API keys, unauthorized access, or malware distribution (see Section 13). 20.1.4. Sanctions/Export Control/Anti-Corruption: grounds under Section 22. 20.1.5. Legal/Regulatory Requirement: necessity to comply with mandatory norms/orders of state authorities. 20.1.6. Sources/Data Owners: restrictions from Data Owners/platforms or termination of access to sources (see Section 11), – regarding relevant functionality/data.

20.2. Suspension Procedure and Volume. Suspension is applied in the minimum necessary volume and for a duration sufficient to eliminate the causes. The Provider shall, where possible, send notification in advance or immediately after suspension (Section 22), except where immediate action is necessary to prevent damage.

20.3. Access Restoration. Access is restored no later than the next business day after the causes of suspension are eliminated (payment, confirmation of violation remediation, security measures, etc.). The Provider may request supporting documents/actions (incl. password change, token revocation, MFA enablement). Reactivation fees may apply for recurring suspensions caused by the Client's fault.

20.4. Termination at the Client’s Initiative. 20.4.1. Without Cause (Future): The Client is entitled to terminate the Subscription by disabling auto-renewal with cessation upon expiration of the current paid term. 20.4.2. Material Breach by Provider: The Client’s right to renounce the Agreement arises only after the following steps are performed sequentially: (i) Client submission of a request in the manner and terms provided by the SLA (opening an incident/ticket, providing info, requesting service credit, and other actions under SLA procedures), and failure to remediate the breach within the recovery/reaction times established by the SLA, or unreasonable Provider refusal to apply measures provided by the SLA; and (ii) Client submission of a written claim in the manner of cl. 21.2. If the breach is not remediated within 10 calendar days of receipt of the claim, the Client is entitled to renounce the Agreement. Deviation from target SLA metrics alone, while properly providing service credits, is not considered a material breach and does not grant the right to renounce, unless otherwise directly provided by the SLA/signed documents.

20.5. Termination at the Provider’s Initiative. 20.5.1. Material Breach by Client (incl. recurring/material AUP breach, late payment, DPA/Section 20 breach), not remediated within 10 calendar days of notification (or another reasonable term specified in the notice if security/legal risk requires faster remediation). 20.5.2. Inability to Lawfully Render Services: prolonged (over 30 days) inability to lawfully provide specific functions/data for reasons beyond the Provider's control (sanctions, Data Owner prohibitions, regulatory requirements). In such case, termination is allowed selectively regarding affected functions with proportional adjustment of future payments (where applicable).

20.6. Automatic Termination. The Agreement terminates automatically upon liquidation of a Party (except for reorganization with universal succession) or upon an effective court injunction against rendering Services to the Client.

20.7. Consequences of Termination. 20.7.1. Access: as of the termination date, access to the Platform ceases, except for the data export window described below. 20.7.2. Data/Results Export: within 30 calendar days of termination (unless otherwise specified in an order/DPA), the Client may request and perform export via available Platform tools. Upon expiration of this term, the Provider is entitled to delete or anonymize data according to standard procedures (backups are deleted by lifecycle). 20.7.3. Payments: all accrued and unpaid amounts are subject to payment within 10 calendar days of the termination date. Refunds are carried out under the rules described in the Pricing Rules https://www.gro.now/legal/pricing-rules. 20.7.4. Special Services/Addenda: Subscription termination does not automatically terminate the validity of signed Addenda/Orders, unless otherwise directly stated therein or in the termination notice; such documents continue to act regarding obligations provided for by their terms.

20.8. Survival. After termination, the following shall remain in effect: Section 9 (regarding arrears/taxes/reporting), Section 10 (AUP – for previously committed breaches), Section 11 (data and distribution restrictions), Section 12 (confidentiality), Section 13 (security – regarding incidents/disclosure), Clause 14.3 (service credits), Section 16 (intellectual property), Section 17 (disclaimers), Section 18 (liability limitations), Section 19 (indemnification), Section 21 (disputes), Section 22 (sanctions/export), and Section 23 (trademarks and mentions).

20.9. No Waiver of Claims. Suspension/termination does not release the Client from the obligation to pay for already rendered Services/add-ons/excess usage and does not deprive the Provider of the right to other remedies provided for by the Agreement and law.

20.10. Notification Procedure. Notices of suspension/termination are sent in the manner of Section 24. In case of emergency security measures, notice is permissible after suspension (with an explanation of causes and necessary restoration steps).

21. Law, Jurisdiction, and Disputes

21.1. Governing Law. This Agreement and all Party legal relations are governed by the substantive law of the Republic of Kazakhstan, regardless of conflict of law principles.

21.2. Pre-Trial Claim Procedure (Mandatory). 21.2.1. Before applying to a court/arbitration, the Parties are obligated to undergo a claim procedure. If a dispute concerns an incident, availability, metrics, or SLA measures, the Client first applies via SLA procedures and awaits the actions/deadlines established by the SLA. Only in the absence of proper settlement under the SLA may a claim be submitted under this clause. 21.2.2. A Party receiving a claim is obligated to send a reasoned response within 10 calendar days of its receipt. Regarding incidents/availability, reaction times for remediation are governed by the SLA, while the claim response term is governed by this clause. 21.2.3. If a dispute is not settled via SLA procedures and through the claim, the Party is entitled to seek resolution in court or arbitration as indicated below. 21.2.4. Failure to receive a response within the specified term or the rejection of a claim entitles a Party to seek dispute resolution as provided further in this Section. Undergoing the claim procedure does not restrict a Party’s right to seek interim measures.

21.3. Clients from RK (Courts). For Clients registered/having their place of residence in the Republic of Kazakhstan, all disputes, disagreements, or claims arising from or in connection with the Agreement shall be subject to final resolution in a judicial procedure in the competent court at the Provider's location.

21.4. Foreign Clients (IAC Arbitration). For Clients who are non-residents of the RK, all disputes, disagreements, and claims arising from or in connection with the Agreement (including issues of performance, breach, termination, or invalidity) shall be subject to final resolution at the International Arbitration Centre "IAC" (Republic of Kazakhstan, Almaty) in accordance with the following terms: 21.4.1. Rules and Composition: the dispute is considered according to IAC Rules; arbitration shall consist of a single arbitrator. 21.4.2. Place of Arbitration: Almaty, Republic of Kazakhstan. 21.4.3. Language of Arbitration: Russian. 21.4.4. Substantive Law: substantive law of the Republic of Kazakhstan. 21.4.5. Electronic Communications: for the purpose of shortening proceedings, IAC notices to the parties (regarding dates/times of sessions, definitions, copies of applications, motions, and materials), as well as submission of motions/applications by the parties to the IAC and sending of scan copies of documents, are allowed via e-mail to the IAC address iac@arbitration.kz, except where the IAC requires originals. 21.4.6. Party Addresses: electronic correspondence is conducted from the Parties' e-mail addresses specified in the "Full Details and Party Signatures" section of the respective Contract and/or Order and is recognized as proper. 21.4.7. Electronic Proceedings: dispute consideration is conducted in the form of electronic arbitration proceedings (video conference) using contact information for video communication specified by the Parties in the "Full Details and Party Signatures" section of the Contract and/or Order. 21.4.8. Confidentiality: arbitration proceedings are confidential, unless otherwise provided by IAC Rules or mandatory provisions of law.

22. Sanctions, Export Control, and Anti-Corruption

22.1. Compliance with Sanctions Regimes. Each Party represents and warrants that it, its affiliates, beneficiaries, directors, and key employees are not included in restrictive measure/sanction lists, including without limitation the sanction lists of the RK, UN, EU, UK, USA (OFAC/SDN), and other applicable jurisdictions, and are not under the control of persons in such lists.

22.2. Export Control and Prohibition of Circumvention. The Client agrees to comply with all applicable export control rules, dual-use restrictions, as well as prohibitions on re-export, circumvention, or facilitating circumvention of restrictions. The Platform and related technologies (incl. cryptographical tools, AI/LLM components, and encryption) may not be used in prohibited jurisdictions, for prohibited end-users, or purposes.

22.3. Due Diligence (KYC/AML). The Provider is entitled to request reasonable KYC/AML information and documents from the Client to confirm compliance with cl. 22.1–22.2. Failure to provide info or the identification of a violation grants the Provider the right to suspend Platform access and/or terminate the Agreement unilaterally.

22.4. Prohibition of Corrupt Practices. The Parties agree not to offer, promise, give, or accept unlawful remuneration, gifts, payments, or other benefits to any persons, including public officials, for the purpose of obtaining or retaining business, improper influence on decisions, or other violations of applicable anti-corruption legislation (RK, FCPA, UK Bribery Act, etc.).

22.5. Interaction with Government Bodies and Public Sectors. The Client guarantees compliance with all special requirements applicable to interaction with state customers/state property, including restrictions on gifts/fees, procurement transparency, and conflicts of interest. The Provider is entitled to request confirmation of such procedures when serving public sector projects.

22.6. Client Confirmations. The Client represents and warrants that:

• a) it will not use the Platform for transactions or projects violating sanction/export restrictions;

• b) it will immediately notify the Provider upon a change in status affecting compliance with this Section;

• c) it will ensure compliance with these requirements by its Users and contractors.

  22.7. Right to Refusal/Suspension. The Provider is entitled to refuse to conclude/renew a Subscription, suspend or restrict access, and terminate the Agreement with immediate effect if there are reasonable grounds to believe use of the Platform violates sanction/export/anti-corruption requirements or creates significant compliance risks.

  22.8. Compliance Audit. Upon reasoned Provider request, the Client shall provide confirmation (reasonable documents/statements) of compliance with this Section. Such request shall not unreasonably interfere with the Client's trade secrets and is carried out taking Section 12 (confidentiality) into account.

  22.9. Liability and Indemnification. Client breach of this Section is considered a material breach of the Agreement and may result in indemnification to the Provider for direct losses, fines, and expenses incurred due to such breach (taking Section 18 limits/exclusions and Section 19 procedure into account).

  22.10. Norm Priority. In the event of a contradiction between the norms of various jurisdictions, the Parties shall be guided by the most stringent applicable requirements that do not violate mandatory RK law. If specific restrictions make performance of the Agreement illegal or impossible, cl. 22.7 and Section 26 (force majeure) shall apply.

23. Publicity and Use of Marks

23.1. General Rule (opt-in). Use of company names, trademarks, logos, and other Party designations (hereinafter – "Marks") for external communications is permitted only with the prior written consent of the respective Party, unless otherwise allowed by this Section.

23.2. Client Textual and Visual Mentions (opt-out). 23.2.1. The Provider is entitled, without separate Client consent, to indicate the Client's name in text and/or using its logo/Marks in the list of Platform users on the site, in presentations, marketing materials, case studies, and press releases, subject to compliance with cl. 23.5 – 23.7. 23.2.2. Upon the Client's written request, the Provider shall cease further use of Marks/mentions and, within a reasonable term (usually up to 10 business days), delete/replace materials in controlled channels. 23.2.3. If the Client has not provided brand guidelines/Mark assets, the Provider is entitled to use publicly available versions of the designations at its discretion, acting in good faith and without distorting the Marks.

23.3. Case Materials and Reviews (opt-out). 23.3.1. Publication of case materials, excerpts from reviews, and other marketing materials is possible without separate special consent, provided that such materials do not disclose Confidential Information (Section 12) and do not contain commercially sensitive indicators without the Client's explicit consent. 23.3.2. The Client is entitled to send a request for the deletion/correction of specific materials; the Provider shall fulfill the request in the manner of cl. 23.2.2.

23.4. Mark License (by default). For the Subscription term, the Client grants the Provider a limited, non-exclusive, royalty-free, non-transferable license to use Marks for the purposes specified in cl. 23.2–23.3. The license acts by default (without a separate letter), may be revoked by the Client via written notice; upon revocation, the deletion procedure under cl. 23.2.2 applies. No other rights to Marks are granted.

23.5. Revocation of Consent and Termination of Use. A Party is entitled to revoke consent to use its Marks/materials if: (i) materials have lost relevance, (ii) brand guidelines are breached, (iii) use is misleading or harms business reputation. The other Party shall cease use and delete/update materials within a reasonable term (usually up to 10 business days) of notification.

23.6. Prohibition of Misleading Use. The Parties are not entitled to represent a partnership, exclusivity, endorsement, or sponsorship unless directly agreed; distortions of Platform use results and incorrect comparisons with competitors are prohibited.

23.7. Joint Events and PR. Joint webinars, press releases, publications, and appearances are possible by separate coordination of plan, content, and timing. Each Party is responsible for complying with third-party rights (photos/videos, quotes, statistics) and confidentiality/PD regimes (Section 12).

23.8. Confidentiality Preserved. This Section does not cancel the Confidential Information regime: publication of data constituting CI without separate written permission is prohibited; where a separate NDA exists – the NDA terms shall prevail.

23.9. Subscription Termination. Subscription termination automatically terminates the right to new use of Marks. Already published materials may be preserved in archives and passive channels (e.g., conference recordings, press releases, other published info), unless deletion is requested under cl. 23.5.

23.10. Absence of Remuneration. Granting the right to use Marks does not involve royalty payments or other remuneration, unless otherwise directly agreed by the Parties in writing.

24. Notifications

24.1. Communication Channels. Legally significant notifications and messages between the Parties are sent: 24.1.1. via e-mail to the addresses specified in the "Full Details and Party Signatures" section of the respective Contract/Order; 24.1.2. through the Platform interface (notifications/banners/support tickets – for operational messages, incidents, and SLA); 24.1.3. to the addresses specified on the Provider's "Legal Information" page or in the text of this agreement – only for notifications addressed to the Provider, unless the Contract/Order specifies a different special address; 24.1.4. via another method directly agreed upon by the Parties (e.g., through a dedicated ticket system or e-billing).

24.2. Form and Language. 24.2.1. For counterparties who are residents of EAEU member states, notices are sent in written form in Russian (a duplicate English version is permissible). 24.2.2. For counterparties who are non-residents of EAEU member states, notices are sent in written form in English.

24.3. Moment of Receipt (Presumption of Delivery). 24.3.1. E-mail – by the time of sending recorded on the sender's server, in the absence of a non-delivery report within 24 hours; if sent outside the recipient's Business Day – considered received at the start of the next Business Day. 24.3.2. Platform interface notifications – by the time of publication/display in the Client Account. 24.3.3. Post/courier shipments (where applicable) – by the mark of the delivery service regarding receipt. 24.3.4. For communications with the IAC within arbitration (cl. 21.4), the address iac@arbitration.kz and IAC Rules apply.

24.4. Special Channels. 24.4.1. Incidents and SLA – via support channels specified in the SLA/Support section; further legally significant messages on the same subject are permissible via e-mail under cl. 24.1.1. 24.4.2. Security/Leaks – to the Provider's dedicated security address with duplication via e-mail under cl. 24.1.1.

24.5. Modification of Notification Details. Each Party is obligated to maintain the currentness of its addresses/contacts. A change of notification address enters into force 1 Business Day after sending the respective message to the other Party at the previous address and publication (for the Provider) on the Provider's "Legal Information" page or in the text of this agreement, where applicable.

24.6. Trusted Senders and Access. Actions and messages from the Client Account Owner and other authorized users in the Platform interface are considered actions/messages of the Client. The Parties ensure their mail domains and communication channels do not block each other's messages (whitelisting).

24.7. Special Rule Priority. If the Agreement establishes special terms/channels (e.g., SLA) for a specific process, such special rules shall apply.

25. Transfer of Rights and Subcontracting

25.1. Assignment and Other Rights Disposal. The Client is not entitled to assign (transfer) rights and/or obligations under the Agreement, conclude collateral transactions with them, or otherwise dispose of them without prior written Provider consent, except for cases under cl. 23.2. Any attempt at transfer in breach of this clause is void.

25.2. Exceptions (Without Consent): 25.2.1. Client Change of Control/Reorganization. Assignment/transfer due to a change of control, reorganization, merger, or sale of a substantial part of Client assets to a third party is permitted subject to prior written Provider notification and succession to all Client obligations (incl. AUP, DPA, unpaid amounts). The Provider is entitled to refuse if such transfer leads to a breach of sanction/export requirements (Section 22) or to reasonable security/compliance risks. 25.2.2. Client Affiliates. The Client is entitled to transfer rights/obligations to an affiliate under the same ultimate control, with written notification at least 10 business days in advance and subject to joint and several liability with the affiliate until full performance of obligations.

25.3. Novation and Formalities. Upon Provider request, the Parties shall formalize a novation/tripartite agreement to transfer the contract to a successor. Until formalities are completed, the original Party remains liable under the Agreement.

25.4. Prohibition of Splitting and Circumvention. The Client is not entitled to split Subscriptions/accounts between persons who are not the Client or its affiliates, or to provide the Platform under sub-lease/outsourcing terms to third parties without written Provider consent (see cl. 5.15).

25.5. Provider Subcontractors. The Provider is entitled to engage subcontractors for performing the Agreement, including cloud service providers, integration providers, and LLM vendors; provided that: 25.5.1. The Provider remains responsible to the Client for the actions of such subcontractors as for its own. 25.5.2. Subcontractors processing personal data or involved in Service provision are considered sub-processors; DPA requirements apply to them, and the current list is published as a DPA addendum. 25.5.3. Engagement/replacement of significant sub-processors is carried out taking notification/objection procedures provided by the DPA into account; in case of critical Client dissent, the parties shall seek a workaround in good faith, otherwise Section 20 provisions apply.

25.6. Transfer of Local Access Rights. In the event of a contract transfer under cl. 25.2, the Client Account Owner is obligated to timely re-configure access/integrations and ensure data export/migration within Platform functionality (Section 11, 20).

26. Force Majeure

26.1. Force Majeure Concept. Neither Party shall be liable for full or partial non-performance of Agreement obligations if it resulted from circumstances of force majeure that the Party could not foresee or prevent via reasonable measures, including without limitation:

• a) natural disasters;

• b) fires;

• c) floods;

• d) earthquakes;

• e) epidemics/pandemics and associated restrictions;

• f) military actions;

• g) acts of terrorism and mass unrest;

• h) strikes and lockouts (except internal ones for the Party declaring force majeure, if they could have been prevented);

• i) acts and decisions of state bodies;

• j) sanctions/embargoes;

• k) export/import restrictions;

• l) large-scale failures in power grids/Internet/communication channels;

• m) prolonged (not caused by a Party) failures of cloud provider data centers/networks;

• n) other similar circumstances.

  26.2. Notification and Confirmation. A Party experiencing force majeure is obligated to notify the other Party without undue delay, describing the nature, expected duration, and impact on performance, and to provide available confirmations (where available – certificates from competent authorities/Chambers of Commerce). Failure to notify within a reasonable term deprives the Party of the right to rely on force majeure regarding preventable consequences.

  26.3. Suspension of Performance and Term Extension. For the duration of force majeure, the performance of respective Party obligations is suspended, and terms are proportionally extended. Obligations to pay for already rendered services and to settle accrued amounts are not removed by force majeure, except where the rendering of services itself has become legally/actually impossible.

  26.4. Mitigation. Each Party takes reasonable measures to minimize force majeure impact (incl. workarounds, load transfer, alternative communication channels) and regularly informs the other Party of the progress in eliminating consequences.

  26.5. SLA and Service Credits. Periods during which performance is impossible due to force majeure are excluded from SLA metric calculations; service credits are not accrued for such periods.

  26.6. Prolonged Action and Termination Right. If force majeure lasts continuously for over 30 calendar days and significantly prevents use of the Platform under the Agreement, either Party is entitled to terminate the Agreement (in full or regarding the affected functionality) via written notice. In case of partial/full termination under this clause, the Provider shall perform a proportional adjustment of future payments (where applicable). No refund of previously paid amounts shall be performed, unless directly provided by law or signed documents.

  26.7. Data Export During Force Majeure. Where possible, the Provider grants the Client a window to export Results and Client Data copies via available tools (see cl. 20.7.2). If export is impossible due to the nature of force majeure (e.g., regulatory prohibition/block), the export term is extended for a reasonable period after the obstacles cease.

  26.8. Non-Applicability to Monetary Obligations of the Other Party. Client monetary obligations for properly rendered Services are not considered affected by force majeure, except where payment execution is objectively impossible due to regulatory prohibitions/sanctions or systemic failures of payment infrastructure; in such cases, cl. 26.2–26.4 apply, and the Parties coordinate an alternative payment method.

27. Agreement Amendments

27.1. Online Version and Archive. The text of the Agreement and each linked document (cl. 1.5) is published at https://gro.now/legal. The public online version is considered authentic and contains the version identifier and publication date. Links to previous revisions of each document are posted at the end of its current revision.

27.2. Update Procedure. The Provider is entitled to amend the Agreement and linked documents (SLA, AUP, Pricing Rules, etc.) with notification to the Client in the manner of Section 24, unless otherwise provided by this Section or law.

27.3. Categories of Changes. For the purpose of determining the effective date, changes are divided into:

• a) non-essential/improving (cl. 27.4);

• b) essential (cl. 27.5);

• c) mandatory and urgent (cl. 27.7).

  27.4. Non-essential and Improving Changes (effective immediately). Editorial changes, clarifying changes, error corrections, technical changes, as well as those clearly improving terms for the Client (e.g., limit expansion without price increase, procedure clarification without increasing obligations, adding functions without restricting existing ones), apply from the moment the new revision is published.

  27.5. Essential Changes (tied to the Settlement Period). Changes that significantly affect Client rights or obligations (e.g., new usage restrictions, change in liability mechanics, new Client obligations, narrowing the Provider's obligation scope) enter into force subject to the following rules: 27.5.1. Monthly Subscription. For a Client with a monthly Subscription, essential changes enter into force from the start of the next Settlement Period occurring after the new revision is published. If fewer than 5 calendar days remain from publication until the start of the next Settlement Period, changes enter into force from the start of the following Settlement Period. 27.5.2. Annual or Other Long-term Pre-paid Subscription. For a Client who paid for a Subscription for a year or other long term in advance, essential changes enter into force 1 (one) calendar month after the publication date of the Agreement's new revision. 27.5.3. Commercial Term Changes. Essential changes affecting prices, the settlement procedure, auto-renewal procedure, limit calculation procedure, and refund/recalculation formulas do not apply to an already paid Subscription period and enter into force from the first Settlement Period following the expiration of the paid period. The commercial term modification procedure is additionally regulated by the Pricing Rules.

  27.6. Client Right in Case of Dissent. If the Client does not agree with essential changes, it is entitled to:

• a) for a monthly Subscription - disable auto-renewal prior to the start of the Settlement Period from which essential changes enter into force. In such case, the Subscription terminates upon expiration of the current paid period, and essential changes do not apply to the Client;

• b) for an annual or other long-term pre-paid Subscription — notify the Provider of dissent before the expiration of 1 calendar month from the publication date of the new revision and disable auto-renewal. In such case, the Subscription does not renew upon expiration of the paid period. Until expiration of the paid period, the previous Agreement revision applies to the Client regarding the part affected by essential changes, except for changes falling under cl. 27.7 (mandatory and urgent).

If the Client has not exercised the rights under this clause and continues Platform use after changes enter into force or renews the Subscription, this shall be considered acceptance of the changes.

27.7. Mandatory and Urgent Changes. Changes necessary for:

• a) compliance with law, regulatory requirements, or court acts;
• b) ensuring security, eliminating vulnerabilities, preventing abuse or damage;
• c) bringing the Agreement into compliance with changed terms of external services, integrations, platforms, data sources, or other third parties on which Platform operation depends —

may be applied immediately with parallel Client notification. Such changes are not considered essential in the part strictly necessary for complying with mandatory requirements or ensuring security.

27.8. Special Document Priority. If changes concern the DPA, SLA, AUP, or signed documents (Contract/Addendum/Order), the priority rules of Section 28 apply. In the event of a conflict between this Agreement and a signed document, the signed document shall prevail in the part it regulates.

27.9. Version Fixation for Orders. For a specific Order/signed Contract, the parties may fix a link/identifier of the Agreement version; in such case, the specified version applies to the relations under respective document until its expiration, unless otherwise directly agreed by the parties or required by law/security (cl. 27.7).

27.10. Change Qualification Differentiation. In case of doubt as to whether a change is essential, the Provider is guided by whether the change creates new obligations, restrictions, or materially significant adverse consequences for the Client compared to the previous revision. If such consequences do not arise, the change is considered non-essential.

28. Priority of Documents

28.1. General Principle. In the event of contradictions between documents regulating the Parties' relations, the following hierarchy applies (from highest to lowest level), unless otherwise directly stated in the respective document: 28.1.1. Signed documents between the Parties (Contract / Addendum / Order) – only in the part directly regulated by them; 28.1.2. This User Agreement; 28.1.3. SLA – regarding service levels, metrics, and service credits; 28.1.4. AUP (Acceptable Use Policy) – regarding usage prohibitions/restrictions; 28.1.5. Survey and Activity Rules – regarding use of Platform functionality for Client Activity launching; 28.1.6. Tariff Description (Tariff Page) and published specifications/limits – regarding current commercial and product parameters; 28.1.7. Pricing, Limits, and Settlement Rules – regarding the pricing procedure, limit calculation, invoicing/payment, auto-renewal, refunds, service credits, bonuses, Add-ons, Excess Usage, and other issues within their scope; 28.1.8. Security Policy – regarding procedures and technical measures; 28.1.9. Privacy Policy and Cookie Policy – regarding PD processing by the Provider as an operator; 28.1.10. DPA (Data Processing Agreement) – regarding PD processing when the Provider is a processor on the Client’s behalf; 28.1.11. API/SDK Terms – regarding access to the API/SDK.

28.2. Local Priority of Signed Documents. In the event of a conflict between this Agreement and the terms of a signed Contract/Addendum/Order, the signed documents shall prevail, but exclusively within their limited scope.

28.3. Special Rules. 28.3.1. For incidents/availability and reaction times, the SLA shall prevail; the claim procedure and renunciation rights follow cl. 20.4.2 and 21.4. 28.3.2. For personal data and cross-border transfer, the DPA shall prevail; for the API – API/SDK Terms shall prevail; for AUP violations – the AUP shall prevail.

28.4. Excluded from Contract. Marketing materials, presentations, advertising, and public statements (including site pages outside the "Legal Documents" section, except for the Tariff Page in parts defined by Pricing Rules) are not part of the contract and do not modify Party obligations, unless directly incorporated by a signed document.

28.5. Versioning. Agreement revisions in effect at the moment of acceptance/formalization of respective Order, or in the manner established by Section 27, shall apply. The revision archive is available at gro.now/legal.

29. Final Provisions

29.1. Entire Agreement. This Agreement together with the documents it references (see cl. 1.5) and documents signed by the Parties (Contract/Addenda/Orders) constitutes the entire agreement between the Parties and supersedes all prior arrangements regarding its subject matter.

29.2. Severability. If any provision is recognized as invalid/unenforceable, it shall be applied to the maximum permissible extent, while the remaining part of the Agreement remains in force. The Parties shall in good faith replace such provision with one equivalent in meaning and lawful.

29.3. No Waiver. Failure or delay in exercising any right under the Agreement does not constitute a waiver of it. A one-time waiver does not mean a future waiver and must be formalized in writing.

29.4. Independence of Parties. The Parties are independent contractors; the Agreement does not create partnership, agency, employment relations, a joint venture, or a franchise. Neither Party is entitled to make statements/assume obligations on behalf of the other without its written consent.

29.5. Succession Upon Change of Control. The Agreement remains in force upon a Party’s change of control/reorganization subject to Section 25 (transfer of rights and subcontracting).

29.6. Headers and Interpretation. Headers are provided for convenience and do not affect interpretation. Terms are interpreted according to Section 2 and context. The words "including/among other things" mean "including, but not limited to."

30. Previous Revisions:

• Version 1.0
• Version 1.1