Want to learn more?

✕ Close

Spare Master "Software as a Service" Agreement

SPARE MASTER "SOFTWARE AS A SERVICE" AGREEMENT

Last Modified: March 4, 2026

This Master “Software as a Service” Agreement (the “Agreement”) is entered into between Spare Labs Inc. (“Spare”), located at 300 - 601 Hastings St W, Vancouver, BC, Canada V6B 1M8 Suite, Vancouver, BC V6C 1B4, Canada, and the entity identified in the applicable Order Form (“Customer”). Spare and Customer are referred to individually as a “Party” and collectively as the “Parties”.

By executing an Order Form referencing this Agreement or accessing or using the Services provided by Spare, Customer acknowledges that it has read, understood, and agrees to be bound by this Agreement. This Agreement may be updated from time to time as described in Section 2.5, with the latest version available at spare.com/msa. Spare will update the “Last Modified” date to reflect changes. It is Customer’s responsibility to review the current version of this Agreement regularly.

RECITALS

  1. Spare’s Services: Spare provides software as a service (“SaaS”) for business application software and related services.
  2. Customer’s Intent: Customer desires to use Spare’s SaaS offerings, and both Parties agree to establish their respective rights, duties, and obligations as set forth in this Agreement.

NOW THEREFORE Spare and Customer hereby agree as follows:

1. DEFINITIONS

The following terms, as used in this Agreement, shall have the meanings set forth below. Additional defined terms may be included in this Agreement or in any applicable Order Form.

"API" means Application Programming Interface, a set of programming protocols and tools that allow software applications to communicate and interact with each other, including but not limited to those provided by Open Fleet Providers.

"Approved Open Fleet Provider" means a third-party transportation network company, such as Lyft or Uber, whose services are integrated and facilitated through the Spare Platform as part of the Open Fleets Services.

“Customer Data” means all data, content, and information submitted, uploaded, transmitted, or otherwise provided by or on behalf of Customer through the Services, including Personal Data.

“Data Protection Laws” means all applicable privacy and data protection laws, including, as applicable, PIPEDA, provincial privacy statutes, U.S. state privacy laws (including CCPA/CPRA), GDPR, and UK GDPR and as defined under Exhibit F.

“Effective Date” means the effective date specified in the applicable Order Form.

“Fees” means the amounts specified in the applicable Order Form, including but not limited to Subscription Fees.

“Order Form” means a written or electronic document executed by the Parties that details the Services, subscription period, Fees, and any other commercial terms agreed upon by the Parties.

“Personal Data” means any information relating to an identified or identifiable individual as defined under applicable Data Protection Laws.

“Services” means Spare’s software as a service (“SaaS”) offerings, as described in greater detail at spare.com, provided to Customer pursuant to one or more Order Forms.

"Rider" means an individual who utilizes transportation services booked or coordinated through the Spare Platform, including, without limitation, services provided by Approved Open Fleet Providers.

"Spare Open Fleets” means a feature of the Spare Platform that enables integration with Approved Open Fleet Providers to facilitate the booking, coordination, and provision of third-party transportation network services, subject to the terms set forth in Exhibit C (Open Fleets Terms).

“Subscription Fees” means the recurring fees payable for access to and use of the Services as outlined in the applicable Order Form.

“Term” means the duration of this Agreement or the applicable Order Form, as defined in Section 8.

2. SAAS SERVICES AND SUPPORT

2.1 Provision of Services: Spare will provide the Services and perform the related responsibilities as specified in this Agreement and any applicable Order Form, including any updates, implementation, modifications, enhancements, or replacements during the Term, in accordance with the terms of this Agreement. The complete list of Spare’s Services can be found here, which shall be governed by this Agreement.

2.2 Order Form Binding Nature. Order Forms are binding upon execution by both Parties. Customer’s right to use the Services is subject to the terms, conditions, restrictions, and parameters set forth in the executed Order Form(s). Services provided under an Order Form will be delivered for the duration specified therein.

2.3 Service Levels and Registration. Spare will use commercially reasonable efforts to deliver the Services in accordance with the Service Level Terms detailed in Exhibit A. During registration, Customer must designate an administrative username and password for its Spare account. Spare reserves the right to reject or deactivate usernames or passwords it deems inappropriate.

2.4 Technical Support. Spare will provide reasonable technical support as outlined in Exhibit B.

2.5 Amendments to Agreement. Spare may make non-material changes required to comply with applicable law or regulatory guidance, provided such changes do not materially reduce Customer’s rights or increase Customer’s obligations. Spare may amend this Agreement or any incorporated documents at its discretion by posting the revised terms at spare.com/msa. Spare will notify Customer of any material changes. The updated terms will become effective upon posting or on a later date specified by Spare. Customer’s continued use of the Services constitutes acceptance of such changes..

2.6 Multimodal Add-On Services. 

(a) Requirements for Data Quality and Format.  Customer acknowledges that Spare’s multimodal product requires accurate, up-to-date GTFS Schedule and GTFS Realtime data (including, without limitation, schedules, stops, and live vehicle location updates) for optimal performance. Such data must: (i) Be valid according to GTFS specifications such as those found at GTFS Documentation; (ii) Pass the GTFS Canonical Validator with no errors or warnings, and (iii) Comply with the “California Transit Data Guidelines” (or any such guidelines provided in writing by Spare).

(b) Professional Services for Data Quality Issues. Should the Customer’s GTFS data fail to meet the above requirements or otherwise be determined by Spare, acting reasonably, to be insufficient for the Multimodal Add-On, Customer agrees to either (i) provide the necessary corrections or (ii) compensate Spare for any services rendered to correct such issues at Spare’s professional services rates, as effective at the time of service.

(c) Customer Responsibility for Data Maintenance. Customer is responsible for the continuous maintenance and accuracy of its GTFS data. Spare shall bear no liability for inaccuracies, delays, or interruptions in the Multimodal Add-On resulting from errors or omissions in Customer-provided data.

2.7 Open Fleets Services. The terms set forth in Exhibit C (Open Fleets Terms) shall apply only if Customer elects to utilize Open Fleets by indicating such election in the applicable Order Form or otherwise agreeing in writing between the Parties. The terms of Exhibit C (Open Fleets Terms) shall apply in addition to this Agreement solely for the duration that Customer subscribes to Spare Open Fleets. In the event of any conflict between this Agreement and Exhibit C, the terms of Exhibit C shall govern solely with respect to Open Fleets.

3. RESTRICTIONS AND CUSTOMER RESPONSIBILITIES

3.1 Prohibited Actions. Customer shall not, directly or indirectly:

(i) Reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, underlying structure, ideas, or algorithms of the Services or any associated software, documentation, or data (the “Software”); 

(ii) Modify, translate, or create derivative works based on the Services or Software, except as expressly authorized by Spare; 

(iii) Use the Services or Software for timesharing, service bureau purposes, or any benefit to a third party; or 

(iv) Remove, alter, or obscure any proprietary notices or labels.

For any Software provided for use on Customer’s premises or devices, Spare grants Customer a limited, non-exclusive, non-transferable, and non-sublicensable license to use the Software solely during the Term and only in connection with the Services.

3.2 Compliance with Laws. Customer represents and warrants that its use of the Services will comply with all applicable laws, regulations, and requirements. Customer agrees to indemnify and hold harmless Spare from any claims, losses, or expenses, including reasonable attorneys’ fees, arising from Customer’s violation of this provision or its misuse of the Services. Spare reserves the right to monitor Customer’s use of the Services and may suspend access to the Services for suspected violations.

3.3 Customer Data Responsibilities. Customer is solely responsible for:

(i) Inputting, protecting, and backing up all data used in connection with the Services;

(ii) Providing accurate and complete information necessary for Spare to integrate and deliver the Services; and

(iii) Ensuring that any errors or omissions in data or processes do not adversely impact Service performance.

Spare is not liable for Service disruptions or reduced quality caused by Customer’s actions, inactions, or inaccurate data. Customer is responsible for all costs associated with integrating its specific data into Spare’s platform unless expressly agreed otherwise in the applicable Order Form.

3.4 Equipment and Security. Customer is responsible for obtaining and maintaining all equipment and ancillary services necessary to access and use the Services, including modems, hardware, servers, software, networking, and web services (“Equipment”). Customer shall:

(i) Maintain the security of Equipment, account credentials, and files; and

(ii) Be responsible for all activity under its account, whether authorized or not.

3.5 Legal Compliance. Customer shall comply with all applicable local, state, provincial, federal, and international laws in its use of the Services.

3.6 End User Terms and Privacy Compliance. Customer is solely responsible for: 

(i) Providing its end users with terms of service and a privacy policy governing their use of the Services, which shall form an agreement between Customer and the end user; and

(ii) Securing all necessary permissions or lawful bases for the collection, use, and processing of end users’ personal information by Spare as part of the Services.

3.7 Data Quality for Data Imports. Customer acknowledges that Spare is not liable for issues arising from the quality, accuracy, completeness, or format of data provided by Customer or third parties for import into Spare’s platform. Customer agrees to ensure all data meets Spare’s specified standards for quality, accuracy, and format. Should Spare be required to process or correct non-compliant data, Spare reserves the right to charge additional fees at its then-current professional services rates. Spare may also engage third-party providers to assist, with Customer bearing any resulting additional costs.

4. CONFIDENTIALITY

4.1 Definition of Confidential Information

For purposes of this Agreement, “Confidential Information” means all non-public, proprietary, trade secret, or sensitive business, technical, commercial, financial, operational, strategic, security, or personal information disclosed or made available by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”), whether disclosed orally, visually, electronically, digitally, in writing, through system access, or by inspection of tangible objects, that:

(a) is designated as confidential at the time of disclosure;

(b) is identified as confidential within a reasonable time after disclosure; or

(c) reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure.

Confidential Information includes, without limitation:

  1. With respect to Spare:
    • non-public information concerning the architecture, source code, object code, design, algorithms, APIs, system configurations, security controls, penetration test results, infrastructure, documentation, pricing, commercial terms, product roadmap, service levels, performance data, and technical specifications of the Services;
    • proprietary methodologies, know-how, inventions, processes, and trade secrets.
  2. With respect to Customer:
    • Customer Data;
    • Personal Data;
    • operational data, ridership data, transit system data, financial information, internal policies, procurement materials, and strategic plans;
    • any non-public information relating to Customer’s operations or end users.

Confidential Information also includes the terms and conditions of this Agreement, Order Forms, pricing, security documentation, audit reports, and all non-public communications between the Parties.

For clarity:

  • Personal Data is Confidential Information and is additionally governed by the Data Protection provisions of this Agreement.
  • Trade secrets are deemed Confidential Information regardless of designation.

4.2 Use and Protection of Confidential Information

The Receiving Party shall:

(a) use Confidential Information solely for the purpose of performing its obligations or exercising its rights under this Agreement (“Permitted Purpose”);

(b) not use Confidential Information for any competitive purpose or for the benefit of any third party;

(c) protect Confidential Information using at least the same degree of care it uses to protect its own confidential information of similar nature, and in no event less than a commercially reasonable standard of care consistent with industry practice;

(d) implement appropriate administrative, physical, and technical safeguards to prevent unauthorized access, disclosure, alteration, or destruction of Confidential Information;

(e) restrict access to Confidential Information strictly to those of its employees, officers, directors, contractors, affiliates, and professional advisors who:

  • have a legitimate need to know for the Permitted Purpose; and
  • are bound by written confidentiality obligations no less protective than those contained herein;

(f) be responsible for any breach of this Section by its personnel, affiliates, or subcontractors.

4.3 Prohibition on Disclosure

The Receiving Party shall not disclose Confidential Information to any third party except:

(a) as expressly authorized in writing by the Disclosing Party;

(b) to approved subcontractors or affiliates bound by confidentiality obligations consistent with this Agreement;
(c) as required by applicable law, regulation, or valid court order, subject to Section 4.6 below.

No implied rights or licenses are granted under this Section.

4.4 Personal Data and Regulatory Information

To the extent Confidential Information includes Personal Data:

(a) such Personal Data shall be processed strictly in accordance with applicable Data Protection Laws and the Data Protection provisions of this Agreement;

(b) nothing in this Section grants the Receiving Party any independent right to process Personal Data beyond what is expressly permitted under this Agreement;

(c) the Receiving Party shall not de-identify, aggregate, or otherwise manipulate Personal Data except as expressly permitted under the Agreement.

4.5 Trade Secrets

Each Party acknowledges that certain Confidential Information may constitute trade secrets under applicable law. The Receiving Party shall exercise the highest standard of care in protecting trade secrets and shall not reverse engineer, disassemble, or otherwise attempt to derive trade secrets from Confidential Information.

4.6 Required Disclosure

If the Receiving Party is required by law, regulation, subpoena, public records request, or court order to disclose Confidential Information, it shall:

(a) provide prompt written notice to the Disclosing Party (to the extent legally permitted);

(b) cooperate with the Disclosing Party, at the Disclosing Party’s expense, in seeking confidential treatment, protective orders, or limitations on disclosure;

(c) disclose only the portion of Confidential Information legally required; and

(d) use reasonable efforts to ensure that confidential treatment is afforded to the disclosed information.

For public-sector customers subject to freedom of information legislation, the Parties acknowledge that disclosure may be required by statute, and Spare’s Confidential Information shall be treated as third-party confidential commercial information to the maximum extent permitted by law.

4.7 Exclusions

Confidential Information does not include information that the Receiving Party can demonstrate by contemporaneous written records:

  1. is or becomes publicly available without breach of this Agreement;
  2. was lawfully known to the Receiving Party prior to disclosure;
  3. was lawfully obtained from a third party without restriction;
  4. was independently developed without use of or reference to the Confidential Information.

The burden of proof rests on the Receiving Party.

4.8 Duration of Confidentiality Obligations

The obligations under this Section:

(a) commence upon first disclosure of Confidential Information;

(b) continue for the Term of the Agreement; and

(c) survive termination or expiration of the Agreement for:

  • five (5) years with respect to general Confidential Information; and
  • indefinitely with respect to trade secrets and Personal Data, for so long as such information remains confidential or subject to Data Protection Laws.

4.9 Return or Destruction

Upon termination or upon written request of the Disclosing Party, the Receiving Party shall:

(a) promptly return or securely destroy all Confidential Information, including copies;

(b) certify in writing that such return or destruction has occurred, if requested;

provided that:

  • the Receiving Party may retain archival copies solely for legal, regulatory, or backup purposes;
  • retained copies remain subject to this Section.

Personal Data shall be returned or deleted in accordance with the Data Protection provisions of this Agreement.

4.10 Remedies

The Parties acknowledge that unauthorized disclosure or use of Confidential Information may cause irreparable harm for which monetary damages may be insufficient. Accordingly, the Disclosing Party shall be entitled to seek:

(a) injunctive relief;

(b) equitable relief; and

(c) any other remedies available at law or equity,

without the requirement to post bond.

4.11 No Public Announcements

Except as expressly permitted under the Marketing clause of this Agreement, neither Party shall issue any press release or public announcement referencing the other Party or this Agreement without prior written consent.

5. DATA PROTECTION AND PERSONAL DATA

5.1 Roles of the Parties

To the extent Customer Data includes Personal Data subject to applicable Data Protection Laws (including GDPR and UK GDPR), Customer acts as Controller and Spare acts as Processor. Spare shall process Personal Data:

(a) solely on documented instructions from Customer, including as necessary to provide the Services;

(b) in accordance with Article 28 GDPR;

(c) in compliance with applicable Data Protection Laws.

5.2 No Transfer of Ownership of Personal Data

Customer retains all right, title, and interest in and to Customer Data, including all Personal Data contained therein. Nothing in this Agreement transfers ownership of Personal Data to Spare. Spare shall not acquire any rights in Personal Data other than the limited right to process such data strictly in accordance with this Agreement.

6. INTELLECTUAL PROPERTY RIGHTS

6.1 Customer Data and Customer-Owned Materials

(a) Ownership

Customer retains all right, title, and interest, including all intellectual property and proprietary rights, in and to:

  1. Customer Data;
  2. Customer’s trademarks, logos, brand assets, and materials;
  3. any pre-existing software, documentation, or materials owned or licensed by Customer (“Customer Background IP”).

Nothing in this Agreement transfers ownership of Customer Data or Customer Background IP to Spare.

(b) License to Spare

Customer grants Spare a limited, non-exclusive, non-transferable, non-sublicensable (except to authorized subcontractors), worldwide license during the Term to:

  • access, host, process, transmit, display, and use Customer Data
  • solely as necessary to provide, maintain, support, secure, and improve the Services
  • in accordance with this Agreement and applicable Data Protection Laws.

This license automatically terminates upon expiration or termination of the Agreement, subject to any data retention obligations expressly permitted under the Agreement.

(c) Restrictions

Spare shall not:

  • sell, license, or commercially exploit Customer Data;
  • reverse engineer Customer Background IP; or
  • use Customer Data for competitive purposes.

Except for the limited license expressly granted herein, Customer retains all rights in Customer Data and Customer Background IP. No rights or licenses are granted by implication, estoppel, course of dealing, or otherwise.

6.2 Spare Intellectual Property

(a) Ownership of Services and Technology

Spare retains all right, title, and interest in and to:

  1. the Services and Software;
  2. the Spare platform architecture, source code, object code, algorithms, APIs, databases, workflows, UI/UX elements, and system designs;
  3. all improvements, enhancements, updates, modifications, derivative works, and configurations thereof;
  4. all related technology, methodologies, tools, libraries, templates, documentation, trade secrets, know-how, and inventions; and
  5. all associated intellectual property rights worldwide (collectively, “Spare IP”).

The Services are licensed, not sold.

(b) Custom Developments and Configurations

Unless expressly agreed otherwise in a signed writing:

  • Any custom configurations, integrations, implementations, workflows, reports, feature modifications, enhancements, or derivative works developed by Spare in connection with the Services shall constitute Spare IP.
  • Payment of implementation or professional services fees does not create ownership rights in the Services or underlying technology.
  • Customer receives only the limited right to access and use such customizations during the applicable Term.

(c) Reservation of Rights

Except for the limited rights expressly granted under this Agreement:

  • Spare retains all rights in Spare IP; and
  • Customer retains all rights in Customer Data.

6.3 Feedback

If Customer or its personnel provide suggestions, comments, enhancement requests, or other feedback relating to the Services (“Feedback”):

(a) Customer grants Spare a perpetual, irrevocable, royalty-free, worldwide, transferable license to use, modify, incorporate, commercialize, and exploit such Feedback without restriction or obligation;

(b) Feedback shall not be deemed Customer Confidential Information unless expressly designated as such;

(c) Spare shall not be obligated to implement any Feedback.

Feedback does not include Customer Data.

6.4 Residual Knowledge

Nothing in this Agreement restricts Spare from using general knowledge, skills, experience, ideas, concepts, know-how, and techniques retained in the unaided memory of its personnel, provided that:

  • such use does not involve disclosure of Confidential Information; and
  • such use does not result in the unauthorized use of Customer Data.

6.5 No Implied Licenses

Except for the limited rights expressly granted:

  • No ownership interest in Spare IP is transferred;
  • No license is granted by implication, estoppel, course of dealing, or otherwise;
  • No rights to source code, underlying architecture, or platform technology are granted.

6.6 Open Source Software

To the extent the Services incorporate open-source components:

  • Such components are governed by their applicable open-source licenses;
  • Nothing in this Agreement expands Customer’s rights beyond those licenses;
  • Spare represents that it will not incorporate open-source software in a manner that would require disclosure of proprietary source code.

6.7 Trademarks

Each Party retains ownership of its respective trademarks and brand assets. Except as expressly permitted under the Marketing clause, neither Party may use the other Party’s trademarks without prior written consent.

6.8 No Joint Ownership

Nothing in this Agreement shall be construed to create joint ownership of intellectual property unless expressly stated in a written instrument signed by both Parties.

7. FEES

7.1 Payment of Fees. Customer shall pay Spare the applicable fees specified in any executed Order Form (“Fees”). If Customer’s usage of the Services exceeds the Service Capacity outlined in the Order Form or otherwise incurs additional charges, Customer will be billed for such overages and agrees to pay these charges as provided herein.

Spare reserves the right to modify Fees or introduce new charges at the end of the Term or any renewal term, provided that Spare gives Customer at least thirty (30) days’ prior written notice (which may be sent via email). All Fees are non-refundable once paid. If Customer disputes a charge, Customer must notify Spare within sixty (60) days of the billing statement date to be eligible for an adjustment or credit.

7.2 Billing and Payment Terms. Spare may issue invoices for the Fees, which Customer shall pay in full within thirty (30) days of the invoice date or as stated in the applicable Order Form. Any unpaid amounts may accrue interest at the lesser of 1.5% per month or the maximum rate permitted by applicable law. Customer agrees to reimburse Spare for all reasonable costs incurred in collecting overdue payments, including legal fees. Failure to pay overdue amounts may result in suspension or termination of the Services.

7.3 Taxes. Unless expressly stated otherwise, Fees do not include any applicable taxes, levies, duties, or similar governmental assessments, including value-added, goods and services, harmonized, use, or withholding taxes (“Taxes”). Customer is responsible for paying all Taxes associated with its purchases under this Agreement, excluding taxes based on Spare’s net income or property. If Spare is required by law to collect Taxes on behalf of a taxing authority, such Taxes will be included on the invoice and paid by Customer, unless Customer provides a valid tax exemption certificate.

7.4 Payment Schedule. Customer shall pay Fees in accordance with the schedule specified in the applicable Order Form.

7.5 Annual Fee Adjustments. On each anniversary of the Effective Date during the Term, Spare may increase the Fees by  11.4%, with such increase applying prospectively to the following contract year, subject to applicable public-sector procurement requirements where required.

7.6 Implementation Support Services (“ISS”) Fees

i. Implementation Fees. The Parties agree that the ISS constitute professional services separate and distinct from the subscription to the Platform. The fees for ISS are payable upon execution of this Agreement or upon completion of applicable milestones. ISS provide standalone value to the Customer and may be performed independently of Customer’s ongoing use of the Platform. Customer shall pay the ISS fees specified in the applicable Order Form (the “Implementation Fees”). For internal budgeting or procurement purposes, Customer may classify the Implementation Fees as capital or capitalized expenditures (“CAPEX”); however, such classification is solely for Customer’s internal accounting purposes and does not affect the nature of the Services or Spare’s revenue recognition treatment.

ii. Nature of Services. The Implementation Fees may include, but is not limited to the following activities: 

A. Project Management & Implementation Planning

  • Implementation kick-off and project planning
  • Development of a customer-specific implementation roadmap
  • Creation of deployment architecture documentation
  • Project governance and milestone management

B. Solution Design & Technical Architecture

  • Customer workflow analysis
  • Service design workshops
  • Development of solution architecture
  • Integration architecture documentation
  • Operational deployment design

C. System Configuration & Environment Setup

  • Configuration of customer environment
  • User roles and access permissions
  • Operational parameters and service rules
  • Security and compliance configuration

D. Integration Services

  • API configuration
  • Third-party system integrations
  • Fare system integration
  • data exchange setup
  • municipal / transit system integrations

E. Data Migration & Data Structuring

  • Data cleansing and validation
  • Data mapping and migration
  • Operational data configuration

F. Testing & Validation

  • System testing
  • Integration testing
  • User acceptance testing support
  • Operational readiness validation

G. Training & Knowledge Transfer

  • Administrator training
  • Operational training
  • Documentation delivery
  • Knowledge transfer sessions

H. Go-Live Support

  • Deployment support
  • Operational readiness checks
  • Launch monitoring

iii. No Ownership or Standalone Rights. Customer acknowledges that no ownership interest, intellectual property rights, or license in or to the ISS is conveyed through payment of the Implementation Fees, other than the limited, non-exclusive right to use the ISS during the applicable Term in accordance with this Agreement.

v. Termination. In the event the Subscription Services terminate for any reason, Customer acknowledges that the ISS activities are deemed fully performed as part of Spare’s obligation to provide access to the Services, and the Implementation Fees shall be non-refundable.

8. TERM AND TERMINATION

8.1 Term. This Agreement commences on the date Customer signs an Order Form and remains in effect for the duration specified in the Order Form (the “Term”). Unless otherwise specified in the Order Form, each Order Form will automatically renew for successive one-year periods unless either Party provides written notice of non-renewal at least sixty (60) days prior to the end of the then-current Term. 

8.2 Termination. Either Party may terminate this Agreement: (i) Upon thirty (30) days’ written notice to the other Party in the event of a material breach of this Agreement, provided that such breach is not cured within the notice period; or (ii) Immediately, without prior notice, in the event of nonpayment by Customer. Customer shall pay all Fees due for Services provided up to and including the effective date of termination.

8.3 Survival. The provisions of this Agreement that, by their nature, are intended to survive termination or expiration shall remain in effect.

9. WARRANTY AND DISCLAIMER

9.1 Limited Service Warranty

(a) Performance Warranty

Spare warrants that, during the applicable Term:

(i) the Services will materially conform to the functional specifications described in the applicable Order Form and documentation;

(ii) the Services will be provided in a manner consistent with commercially reasonable industry standards for software-as-a-service providers; and

(iii) Implementation Services and professional services, if any, will be performed in a professional and workmanlike manner by personnel with appropriate skills and experience. Customer’s sole and exclusive remedy for breach of the foregoing warranty shall be:

  • correction of the non-conforming Services; or
  • re-performance of the deficient services.

(b) Compliance with Law

Spare warrants that it will provide the Services in material compliance with applicable laws and regulations generally applicable to Spare’s provision of SaaS services. Spare does not warrant that Customer’s specific use of the Services will comply with laws applicable to Customer’s business, and Customer remains solely responsible for regulatory compliance applicable to its operations.

(c) Security Controls

Spare warrants that it maintains commercially reasonable administrative, technical, and organizational security measures designed to protect Customer Data against unauthorized access, use, alteration, or disclosure, consistent with industry standards. Spare does not warrant that the Services are immune from all cyber threats or security incidents.

(d) Service Availability

Spare will use commercially reasonable efforts to maintain service availability consistent with the applicable Service Level Terms. The Services may be temporarily unavailable due to:

  • scheduled maintenance;
  • emergency maintenance;
  • force majeure events;
  • internet service provider failures;
  • third-party service disruptions; or
  • acts or omissions of Customer.

Spare will use commercially reasonable efforts to provide advance notice of scheduled maintenance.

9.2 Customer Warranties

Customer represents and warrants that:

(a) it has all rights, permissions, and lawful bases required to provide Customer Data to Spare;

(b) its use of the Services will comply with applicable law;

(c) Customer Data will not infringe or misappropriate the intellectual property or privacy rights of any third party.

9.3 Mutual Authority Warranty

Each Party represents and warrants that:

(a) it has full power and authority to enter into this Agreement;

(b) this Agreement constitutes a binding obligation; and

(c) execution of this Agreement does not violate any other agreement binding on it.

9.4 Disclaimer of Warranties

EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTION 9.1:

THE SERVICES, SOFTWARE, AND IMPLEMENTATION SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SPARE DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING:

  • IMPLIED WARRANTIES OF MERCHANTABILITY;
  • FITNESS FOR A PARTICULAR PURPOSE;
  • NON-INFRINGEMENT;
  • TITLE;
  • QUIET ENJOYMENT;
  • ACCURACY OR COMPLETENESS;
  • WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.

SPARE DOES NOT WARRANT THAT:

  • THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE;
  • DEFECTS WILL BE CORRECTED WITHOUT DELAY;
  • THE SERVICES WILL MEET CUSTOMER’S SPECIFIC BUSINESS REQUIREMENTS;
  • THE SERVICES WILL ACHIEVE ANY PARTICULAR OUTCOME OR RESULT;
  • THIRD-PARTY SERVICES OR INTEGRATIONS WILL BE CONTINUOUSLY AVAILABLE.

9.5 Beta or Evaluation Features

Any beta, trial, pilot, or evaluation features are provided without warranty of any kind and may be discontinued at any time.

9.6 Exclusive Remedies

The remedies expressly set forth in this Section constitute Customer’s sole and exclusive remedies for breach of warranty. No oral or written information or advice given by Spare shall create any warranty not expressly stated in this Agreement.

10. INDEMNITY

10.1 Spare’s Indemnity Obligations. Spare shall defend, indemnify, and hold harmless Customer against any third-party claims alleging that the Services infringe a United States patent, copyright, or misappropriate a trade secret, provided that: 

(i) Customer promptly notifies Spare in writing of the claim; 

(ii) Customer provides Spare with all reasonable assistance, at Spare’s expense, in defending the claim; and 

(iii) Spare retains sole control over the defense and settlement of the claim. Spare shall not be liable for any settlement or compromise made by Customer without Spare’s prior written approval.

10.2 Exclusions from Indemnity. Spare’s indemnity obligations do not apply if the claim arises from: 

(i) Components, portions, or data within the Services not supplied by Spare; 

(ii) Modifications made to the Services at Customer’s request or direction; 

(iii) Use of the Services in combination with other products, processes, or materials, where the alleged infringement relates to such combination; 

(iv) Continued use of the Services after Spare provides Customer with modifications, alternatives, or instructions to avoid infringement; or 

(v) Use of the Services outside the scope permitted by this Agreement.

10.3 Remedies for Infringement Claims. If the Services are determined to infringe, or if Spare reasonably believes they may infringe, Spare may, at its sole discretion and expense: 

(i) Modify or replace the Services to eliminate the infringement while maintaining substantially equivalent functionality; 

(ii) Obtain a license for Customer to continue using the Services; or 

(iii) Terminate the affected Services or this Agreement and provide Customer with a prorated refund of any prepaid, unused fees for the Services.

10.4 Insurance Coverage and Subrogation. Spare’s indemnity obligations under this section shall first be satisfied through its applicable insurance coverage. Customer agrees to pursue recovery directly from Spare’s insurer for any claims covered by such insurance, including claims brought by end-users. Customer waives any right to recover damages from Spare beyond the scope and limits of Spare’s actual insurance coverage. Indemnity obligations under this section extend to third-party claims, including those brought by end-users, provided such claims are covered by Spare’s applicable insurance policy.

11. LIMITATION OF LIABILITY

EXCEPT FOR BODILY INJURY OR DEATH CAUSED BY SPARE’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, SPARE’S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID BY CUSTOMER TO SPARE FOR THE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM. TO THE MAXIMUM EXTENT PERMITTED BY LAW, SPARE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, EXEMPLARY, SPECIAL, OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, BUSINESS, OR DATA, OR THE COSTS OF SUBSTITUTE GOODS OR SERVICES, WHETHER ARISING UNDER CONTRACT, TORT, OR ANY OTHER THEORY OF LIABILITY, EVEN IF SPARE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CUSTOMER FURTHER WAIVES ANY RIGHT TO BRING CLAIMS OR LAWSUITS AGAINST SPARE EXCEPT TO THE EXTENT SUCH CLAIMS ARE COVERED BY SPARE’S INSURANCE. THIS WAIVER APPLIES TO CLAIMS BASED ON NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF RECOVERY

12. MISCELLANEOUS

12.1 This Agreement constitutes the entire understanding between the Parties and supersedes all prior agreements, communications, or understandings related to its subject matter. Any modifications or waivers must be in writing and signed by both Parties. If any provision of this Agreement is determined to be invalid or unenforceable, it shall be limited or removed to the minimum extent necessary, and the remaining provisions will remain in full force and effect. Nothing in this Agreement creates a partnership, joint venture, agency, or employment relationship between the Parties, and Customer has no authority to bind Spare in any way or act on Spare’s behalf without express written authorization. The provisions of this Agreement that, by their nature, should survive termination or expiration shall remain in effect, including but not limited to payment obligations, confidentiality obligations, warranty disclaimers, limitations of liability, indemnity obligations, and intellectual property rights.

12.2 Customer may not assign, transfer, or sublicense its rights or obligations under this Agreement without Spare’s prior written consent. Spare may assign or transfer its rights or obligations under this Agreement in Spare’s reasonable discretion. 

12.3 Notices under this Agreement must be in writing and are deemed given: 

(i) upon receipt, if delivered personally or by courier; 

(ii) when receipt is confirmed electronically, if sent by email; 

(iii) the day after dispatch, if sent for next-day delivery by a recognized courier; or 

(iv) upon receipt, if sent by certified mail with return receipt requested. 

This Agreement shall be governed by and construed in accordance with the laws of the Province of British Columbia, Canada, without regard to its conflict of laws principles. 

Customer agrees to reasonably cooperate with Spare upon request, including serving as a reference account or providing feedback on Spare’s services.

12.4 Privacy Policy. Spare’s Privacy Policy, available at https://spare.com/privacy-policy is incorporated into this Agreement by reference. Customer acknowledges and agrees to Spare’s practices regarding the collection, use, and processing of data as outlined in the Privacy Policy.

12.5 Force Majeure. Neither Party shall be liable for any failure or delay in performance caused by circumstances beyond its reasonable control, including acts of God, pandemics, natural disasters, cyberattacks, government actions, or utility failures, provided the affected Party promptly notifies the other Party of the force majeure event and uses reasonable efforts to mitigate its impact.

12.6 Spare shall not be responsible for any liquidated damages, penalty damages, or similar pre-estimated damages that are disproportionate to Spare’s actual and proven damages. Any agreed service credits shall represent a genuine pre-estimate of damages and shall constitute Customer’s exclusive remedy for the applicable service failure.

12.7 Marketing And Publicity Rights. Customer grants Spare a limited, non-exclusive, royalty-free license to use Customer’s name, logo, and trademarks solely to identify Customer as a user of the Services in marketing materials, website listings, and case studies, subject to compliance with Customer’s brand guidelines (if provided), prior written approval for any press release or formal announcement referencing Customer, and compliance with applicable public-sector procurement or disclosure restrictions. Customer may revoke such marketing consent upon reasonable written notice for legitimate regulatory or public-sector reasons.

12.8 Participating Entity and Affiliated Use. If Customer is a governmental body, publicly funded entity, regional transit agency, or similar organization, Spare may, at its sole discretion, permit Customer’s affiliates, subsidiaries, regional agencies, departments, or other related entities (each, a “Participating Entity”) to purchase Services under this Agreement without requiring a separate procurement process. Each Participating Entity must enter into its own separate Order Form or written agreement directly with Spare and shall agree to be bound by all applicable terms, conditions, limitations of liability, and obligations substantially similar to those set forth in this Agreement, unless Spare agrees otherwise in writing. Each Participating Entity will be invoiced separately and will be solely responsible for its own obligations under its respective agreement. Customer shall not bear any financial or legal liability for any Participating Entity, and no contractual relationship is created between Customer and any Participating Entity by virtue of this clause. Spare shall not be liable for any acts or omissions of any Participating Entity and reserves the right to approve, decline, suspend, or terminate any Participating Entity’s participation under this clause at any time in its sole discretion if Spare reasonably determines that continued participation could create legal, regulatory, financial, or operational risk. This Section shall not be construed to create any joint venture, partnership, or agency relationship among Spare, Customer, or any Participating Entity.

EXHIBIT A

SERVICE LEVEL TERMS

General Service Level Terms and Downtime Management:

Spare will maintain 99.9% Service availability, measured monthly, excluding scheduled maintenance. Downtime resulting from Customer-requested maintenance or modifications during scheduled hours will also be excluded from availability calculations. Additionally, downtime caused by third-party outages, utility failures, or other events beyond Spare’s reasonable control will not be counted toward availability metrics.

If downtime lasts longer than one hour, Customer will receive a credit of 0.3% of annual Subscription Fees for every 30 consecutive minutes of downtime, capped at one credit per day. To qualify for a credit, Customer must notify Spare in writing within 24 hours of the downtime. Credits are limited to one (1) week of Service Fees per calendar month, are non-cash, and apply only to the month in which the downtime occurred. Spare is not liable for downtime caused by its enforcement of policies, including data communication blocking, which shall not constitute a failure to provide adequate service levels. Downtime credits shall not exceed 10% of the annual Service Fees paid by Customer for the affected month, regardless of the total amount of downtime.

Incident Management:

Service issues will be categorized and addressed as follows:

(i) Fatal: Complete degradation affecting all users and critical functions. Response time: 30 minutes during Support Hours.

(ii) Severe: Significant degradation affecting a large percentage of users or critical functions. Response time: 90 minutes during Support Hours.

(iii) Medium: Limited degradation affecting non-critical functions or a small number of users. Response time: 3 hours during Support Hours.

(iv) Minor: Small degradation affecting one user or non-critical functions. Response time: 4 hours during Support Hours.

EXHIBIT B

SUPPORT TERMS

Spare will provide support to Customer via electronic mail, chat, and over phone on a twenty-four (24) hour, seven (7) days a week basis (“Support Hours”).

Customer may initiate a helpdesk ticket during Support Hours by emailing support@spare.com.

Spare will use commercially reasonable efforts to respond to all helpdesk tickets within one business day.

EXHIBIT C

OPEN FLEETS TERMS

The following terms in this Exhibit C apply solely where Customer has elected to utilize Spare Open Fleets by indicating such election in the applicable Order Form or through written agreement with Spare:

  1. Company obligations: Company shall only enable an Approved Open Fleet Provider integration with Customer’s account within the Spare Platform where such integration has been expressly approved in writing by Customer. 
  1. Customer Obligations.
    1. Unless otherwise agreed in writing between the Parties, Customer represents and warrants that it (i) either has a direct agreement in place with each Approved Open Fleet Provider that permits that the Open Fleet Provider integration with Customer’s account within the Spare Platform and use as part of the Services that does not require any further agreement be entered into by Company; or (ii) that it has agreed to be bound by the applicable Approved Fleet Providers Terms as set out in sub-section (c) below.  
    2. Customer covenants and agrees to immediately inform Company in the event that any such agreement with an Approved Open Fleet Provider lapses, in which event Company shall immediately terminate the integration within the Customer’s account within the Spare Platform in respect of such Approved Open Fleet Provider without further liability to the Company.
    3. For each Approved Open Fleet Provider whose integration Customer has approved in writing, Customer shall include such notification and/or require any user of the Services to accept or acknowledge such additional terms of use, privacy policy or similar, in each case as may be required by such Approved Open Fleet Provider and applicable law.
  1. Approved Open Fleet Provider Terms. Where subsection (b)(i) above does not apply and the Approved Open Fleet Provider is:
    1. Uber Inc. (“Uber”, which expression shall include any subsidiaries or affiliates of Uber Inc.), then Customer agrees to be bound by the standard Uber for Business terms and conditions (the “U4B Online Terms”), available via https://www.uber.com/legal/business/dashboard/en/ (as may be updated from time to time), in the US, or the applicable global equivalent;
    2. Lyft (“Lyft”, which expression shall include any subsidiaries or affiliates of Lyft Inc.), then Customer agrees to be bound by the Lyft-specific terms set out at https://www.lyft.com/terms and https://www.lyft.com/privacy.; or
    3. Any other Approved Open Fleet Provider, such Approved Open Fleet Provider-specific terms as may be notified to Customer at the time of express approval of such Approved Open Fleet Provider by Customer.
  1. Access and Use Restrictions:
    1. Customer acknowledges and agrees that it shall not, directly or indirectly, access or integrate any Approved Open Fleet Provider's API, including but not limited to the Lyft API or Uber API, into Customer’s own platforms or systems without the express prior written consent of the Company and the relevant Approved Open Fleet Provider. For greater certainty, Customer’s access to and use of Approved Open Fleet Providers' services shall be restricted solely to integrations facilitated through the Company’s Spare Platform. Any attempt by Customer to circumvent these restrictions, including by reverse engineering or directly accessing the Approved Open Fleet Provider’s API, shall constitute a material breach of this Agreement.
    2. Customer shall not interfere with, modify, disable, or otherwise tamper with any features or functionality of the Approved Open Fleet Providers' platforms or APIs that are accessible via the Spare Platform, including but not limited to decompiling, disassembling, reverse engineering, or attempting to derive the source code or algorithms of any such platforms or services.
  1. Indemnity. For greater certainty, and in addition to any other indemnification obligations set forth in this Agreement, Customer agrees to defend, indemnify, and hold harmless Company, its affiliates, and its respective directors, officers, employees, subcontractors, and agents from and against any and all claims, suits, damages, losses, liabilities, costs, and expenses, including reasonable and documented attorney's fees, arising out of or related to:
    1. Customer’s breach of this Agreement, including any breach of the terms of use or service agreements of any Approved Open Fleet Provider, including but not limited to Lyft or Uber;
    2. Customer’s breach of any applicable laws, rules, or regulations, including but not limited to any failure to obtain proper consents as required under such data privacy laws, rules, or regulations; or
    3. Customer’s unauthorized use of, or access to, any Approved Open Fleet Provider’s services, APIs, or data in a manner not expressly permitted under this Agreement or under the Approved Open Fleet Provider’s applicable terms and policies.
  1. Data Privacy and Consent Obligations:
    1. Customer represents and warrants that, prior to providing any Rider or individual’s personal information, including phone numbers, email addresses, or other personally identifiable information (“PII”), to Company or any Approved Open Fleet Provider, Customer has obtained all necessary consents  from such individuals as required under applicable laws, rules, or regulations, including, without limitation applicable data privacy laws, rules, or regulations. Company shall not be responsible for independently verifying the validity of such consents.
    2. Customer further represents and warrants that such consents expressly authorize the use of automatic telephone dialing systems, prerecorded voice messages, SMS messaging, and/or emails for purposes of communications related to the Customer’s use of the Approved Open Fleet Provider’s services, as applicable.
    3. Customer shall not transfer any sensitive personally identifiable information (including but not limited to social security numbers, driver’s license numbers, or financial account information) to Company or any Approved Open Fleet Provider through the Spare Platform. Customer acknowledges and agrees that any such unauthorized transfer of sensitive information shall be a material breach of this Agreement. 
    4. Customer agrees to notify all Riders and relevant individuals, as required by applicable law, that their personal data may be subject to the respective privacy policies of the Approved Open Fleet Providers. Customer acknowledges that such privacy policies, including but not limited to Lyft’s Privacy Policy (available at https://www.lyft.com/privacy) and Uber’s Privacy Policy (available at https://privacy.uber.com/center), govern the collection, use, and disclosure of data by the Approved Open Fleet Providers in connection with their services.

EXHIBIT D

AI & MACHINE LEARNING; DATA USAGE

AI & ML Usage.

Spare may use Customer Data solely in aggregated, anonymized, and de-identified form to develop, improve, maintain, test, and enhance the Services, including Spare’s algorithms, analytics, artificial intelligence, and machine learning models, provided that such use does not identify Customer, any Authorized User, or any individual, and does not permit re-identification of any Personal Data.

No Use of Personal Data for Model Training Without Authorization.

Spare shall not use Personal Data to train, fine-tune, or otherwise improve artificial intelligence or machine learning models unless such use is expressly permitted by applicable Data Protection Laws and, where required, authorized by Customer in writing.

Restrictions on General-Purpose AI Models.

Spare shall not use Customer Data, whether in identifiable or de-identified form, to train or improve general-purpose or third-party artificial intelligence models that are offered, licensed, or otherwise made available to parties other than Customer, without Customer’s prior written consent.

Customer Isolation and Confidentiality.

Any use of Customer Data for AI or ML purposes shall be conducted in a manner that:

(a) maintains logical and technical separation between Customer Data and data of other customers;

(b) does not result in the disclosure of Customer Data or Confidential Information to other customers or third parties; and
(c) complies with Spare’s confidentiality obligations under this Agreement.

No Transfer of Ownership or Rights.

Nothing in this Agreement grants Spare any ownership interest in Customer Data. Customer retains all right, title, and interest in and to Customer Data. Spare retains all right, title, and interest in and to its models, algorithms, and improvements, excluding any Customer Data incorporated therein.

Transparency and Governance.

Upon reasonable request, Spare shall provide Customer with a high-level description of its AI and ML governance practices as they relate to the Services, including safeguards designed to prevent the unauthorized use or disclosure of Customer Data.

Compliance with Law.

Spare’s use of Customer Data for AI and ML purposes shall at all times comply with applicable laws and regulations, including applicable privacy, data protection, and emerging AI governance requirements.

The foregoing restrictions do not apply to synthetic data generated independently by Spare that does not contain or derive from Customer Data.

EXHIBIT E

ACCESSIBILITY COMMITMENTS

1. Accessibility Standards – General Commitment

Spare is committed that the Services will be designed and developed to materially conform with Web Content Accessibility Guidelines (WCAG) 2.1 Level AA, as published by the World Wide Web Consortium (W3C), and shall use commercially reasonable efforts to comply with applicable accessibility laws and regulations in the jurisdictions where the Services are provided.

2. Jurisdiction-Specific Accessibility Requirements

2.1 Canada

Where the Customer is located in Canada, or where the Services are provided to Canadian end users, Spare represents that the Services are designed to materially conform with applicable Canadian accessibility laws and standards, including:

  • the Accessibility for Ontarians with Disabilities Act, 2005 (AODA) and its regulations (including the Integrated Accessibility Standards Regulation (IASR)); and
  • applicable provincial accessibility legislation, as in force from time to time.

2.2 United States

Where the Customer is located in the United States, or where the Services are provided to U.S. end users, Spare represents that the Services are designed to materially conform with applicable U.S. accessibility requirements, including:

  • the Americans with Disabilities Act (ADA); and
  • Section 508 of the Rehabilitation Act of 1973, as amended, where applicable.

2.3 European Union

Where the Customer is located in the European Union, or where the Services are provided to EU end users, Spare represents that the Services are designed to materially conform with applicable EU accessibility requirements, including:

  • the European Accessibility Act (Directive (EU) 2019/882), as implemented into national law by EU Member States; and
  • any applicable national accessibility legislation implementing or supplementing the European Accessibility Act.

2.4 Japan

Where the Customer is located in Japan, or where the Services are provided to users in Japan, Spare represents that the Services are designed to materially conform with applicable Japanese accessibility requirements, including:

  • the Act on the Elimination of Discrimination against Persons with Disabilities; and
  • relevant guidelines issued by the Japanese government concerning web accessibility, including JIS X 8341-3 (as aligned with WCAG standards).

3. Additional Jurisdictions

Spare and Customer may agree in writing to add accessibility requirements for additional jurisdictions by:

  • amendment to this Exhibit; or
  • inclusion of a jurisdiction-specific accessibility schedule or addendum.

Absent such agreement, Spare’s accessibility obligations shall remain limited to the standards expressly set out in this Exhibit.

4. Scope of Responsibility

These accessibility commitments apply solely to the user-facing components of the Services controlled by Spare. For clarity:

  • third-party products, integrations, or content not controlled by Spare are excluded, provided Spare does not materially modify such content; and
  • Customer-provided content, data, configurations, or customizations remain the responsibility of Customer.

5. Reporting and Remediation

Customer may report accessibility issues through Spare’s designated support channels. Upon receipt of a valid report, Spare shall use commercially reasonable efforts to:

  • assess the reported issue; and
  • remediate the issue or provide a reasonable workaround within a commercially reasonable timeframe, taking into account severity, impact, and Spare’s development roadmap.

6. No Absolute Guarantee

Spare does not warrant that the Services will be entirely free from accessibility defects at all times. Accessibility obligations under this Exhibit are subject to:

  • material conformance standards; and
  • the limitations of liability and disclaimers set forth in the Agreement.

7. Conflict

In the event of any conflict between this Exhibit and the Agreement, this Exhibit shall prevail solely with respect to accessibility matters.

EXHIBIT F

DATA PRIVACY

This Exhibit F forms part of the Agreement and governs the processing, protection, and security of Personal Data in connection with the Services. In the event of a conflict between this Exhibit and the Agreement, this Exhibit shall prevail with respect to data protection and security matters.

1. Definitions

For purposes of this Exhibit:

  • “Personal Data” means any information relating to an identified or identifiable individual, as defined under applicable Data Protection Laws.
  • “Data Protection Laws” means all applicable privacy and data protection laws, including (as applicable) PIPEDA, provincial privacy laws, U.S. state privacy laws (including CPRA), GDPR, and UK GDPR.
  • “Controller”, “Processor”, “Business”, and “Service Provider” shall have the meanings assigned under applicable Data Protection Laws.

2. Roles of the Parties

Customer acts as the Controller (or “Business”), and Spare acts as the Processor (or “Service Provider”), with respect to Personal Data processed under the Agreement. Spare shall process Personal Data solely on documented instructions from Customer, including as necessary to provide the Services, unless otherwise required by law.

3. Security Measures

Spare shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, including at a minimum:

  • encryption of Personal Data in transit and at rest;
  • role-based access controls and least-privilege access;
  • logging and monitoring of access to systems;
  • vulnerability management and security patching;
  • incident response and business continuity procedures.

4. Subprocessors

Spare may engage subprocessors to process Personal Data, provided that:

  • subprocessors are bound by written agreements imposing data protection obligations no less protective than those set out herein;
  • Spare maintains and makes available an up-to-date list of subprocessors; and
  • Spare remains responsible for the acts and omissions of its subprocessors.

5. Personal Data Breach

Spare shall notify Customer without undue delay, and in any event no later than seventy-two (72) hours, after becoming aware of a Personal Data Breach. Such notice shall include, to the extent reasonably available:

  • a description of the nature of the breach;
  • categories and approximate number of affected data subjects and records;
  • measures taken or proposed to address the breach.

Spare shall reasonably cooperate with Customer in remediation and regulatory notifications.

6. Data Retention & Deletion

Upon termination or expiration of the Services, Spare shall, at Customer’s option:

  • return Personal Data to Customer; or
  • securely delete Personal Data

in each case within ninety (90) days, unless retention is required by applicable law.

7. Audit & Compliance

Upon reasonable request, Spare shall make available information reasonably necessary to demonstrate compliance with this Exhibit, including providing current ISO 27001, and SOC 2 Type II or equivalent reports, subject to confidentiality obligations.

8. Additional Jurisdictions

The Parties may add additional jurisdiction-specific privacy schedules to this Exhibit F by written agreement, without reopening the main Agreement.

9. ANONYMIZED AND AGGREGATED DATA

9.1 Creation of Anonymized Data

Spare may generate anonymized and aggregated data derived from Customer Data (“Anonymized Data”), provided that:

(a) such data is irreversibly anonymized in accordance with Recital 26 of the GDPR;

(b) anonymization is performed using technical and organizational measures designed to prevent re-identification;

(c) the data no longer constitutes Personal Data under applicable Data Protection Laws; and

(d) re-identification is contractually and technically prohibited.

For clarity, pseudonymized data shall not be considered Anonymized Data.

9.2 Permitted Use of Anonymized Data

Spare may use Anonymized Data for the following purposes:

  1. improving and enhancing the Services;
  2. developing new products, analytics, or functionality;
  3. generating industry benchmarks or insights; and
  4. internal business analytics.

Spare shall not use Customer Data or Anonymized Data to train or improve general-purpose artificial intelligence models made available to third parties without Customer’s prior written consent.

9.3 Safeguards

Spare shall ensure that:

(a) Anonymized Data cannot reasonably be used to identify Customer or any individual;

(b) Anonymized Data is not combined with other data sets in a manner that permits re-identification; and

(c) processing complies with purpose limitation and data minimization principles under Article 5 GDPR.

SCHEDULE F-CA (CANADA – PIPEDA & PROVINCIAL PRIVACY LAWS)

1. Applicable Laws

This Schedule applies where Personal Data is subject to:

  • the Personal Information Protection and Electronic Documents Act (PIPEDA); and
  • applicable provincial privacy legislation.

2. Processing Obligations

Spare shall:

  • process Personal Data only for purposes of providing the Services;
  • ensure personnel are subject to confidentiality obligations; and
  • provide reasonable assistance to Customer in responding to access, correction, or complaint requests under PIPEDA.

SCHEDULE F-US (UNITED STATES – CPRA & STATE PRIVACY LAWS)

1. Service Provider Status

Spare acts as a Service Provider under applicable U.S. state privacy laws, including CPRA.

2. Restrictions

Spare shall:

  • not sell or share Personal Data;
  • not retain, use, or disclose Personal Data outside the business purpose of providing the Services;
  • not combine Personal Data with data received from other sources except as permitted by law.

3. Consumer Rights Assistance

Spare shall reasonably assist Customer in responding to verified consumer requests relating to access, deletion, or correction of Personal Data.

SCHEDULE F-EU (EU GDPR / UK GDPR – FULL DPA)

1. Article 28 GDPR Compliance

Spare shall:

  • process Personal Data only on documented instructions;
  • ensure confidentiality of authorized personnel;
  • implement appropriate security measures;
  • assist with data subject rights requests;
  • assist with DPIAs where required;
  • make available information necessary to demonstrate compliance.

2. International Transfers

Where Personal Data is transferred outside the EEA or UK, such transfers shall be governed by:

  • Standard Contractual Clauses (EU 2021/914), incorporated by reference; and
  • appropriate supplementary measures, as required.

3. Records of Processing

Spare shall maintain records of processing activities as required under Article 30 GDPR.