Supplemental Terms to Master Services Agreement

Revised and effective: August 30, 2024

AI Software, LLC does business as Capacity, CereProc, Denim Social, Envision, Lucy, LumenVox, SmartAction, and Textel and through its subsidiaries including but not limited to Textel CX, Inc., SmartAction Holdings, Inc., Denim Social, LLC, Equals3 Inc d/b/a Lucy and Envision Telephony, Inc.

These Supplemental Terms (“Supplemental Terms”) apply to specific Services or aspects of Services described herein and supplement and form a part of the Services Agreement found at https://capacity.com/services-agreement/ between Subscriber and AI Software, LLC (referred to herein as “Capacity”) unless Subscriber has a written master services agreement executed between Subscriber and Capacity for the Services, in which case these Supplemental Terms will supplement and form a part such written master services agreement (in either case, the “Agreement”).

If you are a new Subscriber, then these Supplemental Terms will be effective as to any Service Order entered into after August 30, 2024. If you are an existing Subscriber of any of our brands which refer to online terms of service, subscription or services agreement or the like as of August 30, 2024, then Capacity is providing you with prior notice of the changes to our Agreement with you, which will be effective as of September 30, 2024.

Terms used herein but not defined herein have the meanings set forth in the Agreement. Notwithstanding anything to the contrary in the Agreement, Capacity reserves the right, at its sole discretion, to update the Supplemental Terms in relation to the development of new or updates to existing features and functionality of the Services or Applicable Law. Subscriber’s continued usage of the Services may be relied upon by Capacity as Subscriber’s acceptance of the then-current version of these Supplemental Terms.

Index to these Supplemental Terms

Implementation Services
Customer Success Packages
Recording of Communications, Tracking Technologies and Session Replay
Communications Services
Voice Text-to-Speech Services
Social Media Integrations
AI-Powered Features
PCI-DSS Compliance
HIPAA Compliance
Finance Industry-Gramm-Leach-Bliley Act Compliance
Communications Services Compliance under TCPA and FDCPA

Implementation Services

As set forth in the Subscriber’s Service Order, Capacity’s Services typically include implementation, set-up and on-boarding services, which we refer to as “Implementation Services.” As set forth in the applicable Service Order, Implementation Services range from activation at no cost to months-long collaborative work-flow building implementations. In most cases, completion of the implementation services is subject to Subscriber’s fulfillment of certain Subscriber obligations described in the Service Order Schedule or otherwise provided to Subscriber in writing. Examples include:As part of Implementation Services, Subscriber must designate one or more appropriate team members with appropriate authority and familiarity with subject matter to coordinate Implementation Services and training. As needed, Subscriber must designate a primary technical admin to make any necessary updates to company systems and to provide first-line technical support to users.

Implementation Services may be subject to suitable API availability and delivery of API keys and login access by Subscriber to Capacity. For any Integrations listed in this Service Order for which Capacity has agreed to assist with the API integration, if Subscriber fails to deliver API keys and login access within 30 days of Services Start Date or to execute on the agreed-upon Subscriber deliverables, then Capacity may instead either (i) permit Subscriber to develop the applicable integration on the Capacity Developer Platform at the same price, or (ii) require payment of the Monthly Minimum Subscription Fee, regardless of whether a go-live notification has been issued or not, if due to material Subscriber delays.

The Service Order may indicate that the Implementation Services include video conference training. In such case, Video Conference training will be made available for a defined initial period and thereafter on a paid basis. If Subscriber must reschedule the originally agreed upon training date, a minimum of 2 weeks’ notice is required, or the training rate specified in the Service Order will be billed to Subscriber. A minimum of thirty (30) days advance notice to schedule training and installation must be provided by Subscriber to Capacity.

If the Service Order may call for User Acceptance Testing (UAT) of Capacity-built work-flow Implementation Services, then Subscriber must provide test data, which is metadata that would be used to validate success of UAT test cases, and functional APIs to Capacity within 10 business days after the initial kick-off meeting between the respective Capacity and Subscriber’s implementation teams. Subscriber will provide UAT test cases to Capacity within 15 business days after the kick-off meeting between the respective Capacity and Subscriber’s implementation teams. UAT is when the Subscriber will test the application according to the submitted test cases. By the end of UAT, the Subscriber must have their production environment fully configured for end-to-end Testing and ensure it has resources available for a joint end-to-end testing process.

Customer Support Packages

If Subscriber’s Service Order includes a Customer Support package, then it will either be designated as Premium Support, Standard Support or Basic Support, each of which is described below:

Premium Support

Dedicated CSM for ongoing support – up to 24 hrs. / year (2x/month)
CSM hours can be used for the following:

Enhancements to existing builds/features
Admin/Agent training on new features
Adoption consultation and guidance
Additional scope/product feature implementation

Launch marketing/change management support

Agent Training
Change management and communication guidance

Periodic messages to Subscriber’s agents to give them tips on how to get the most out of the Capacity platform
Access to Capacity webinars to learn more about specific product/program features & tips
Access to Capacity Office Hours for additional implementation support
Access to Capacity Knowledge Center
On-Demand support from our Technical Support team; 8am-6pm (CT) (excluding holidays); After hours by email
Dedicated Account Manager for strategic guidance/benchmarking:

Regular meetings to ensure business goals are being met.
Biannual Annual Objective Review and Product Roadmap Preview.

Standard Support

CSM for ongoing support- up to 16 hrs. / year
CSM hours can be used for the following:

Enhancements to existing builds/features
Admin/Agent training on new features
Adoption consultation and guidance
Additional scope/product feature implementation

Program Launch marketing/change management support

Agent Training
Change management and communication guidance

On-Demand support from our Technical Support team; 8am-6pm (CT) (excluding holidays); After hours by email
Periodic messages to Subscriber’s agents to give them tips on how to get the most out of the Capacity platform
Access to Capacity webinars to learn more about specific product/program features & tips
Access to Capacity Office Hours for additional implementation support
Access to Capacity Knowledge Center
Dedicated Account Manager for strategic guidance/benchmarking:

Regular meetings to ensure business goals are being met.
Annual Objective Review and Product Roadmap Preview.

Basic Support

Access to Capacity Office Hours for ongoing CS support
Periodic messages to Subscriber’s users to give them tips on how to get the most out of the Capacity platform
Access to Capacity webinars to learn more about specific product/program features & tips
Access to Capacity Knowledge Center
On-Demand support from our Technical Support team; 8am-6pm (CT) (excluding holidays); After hours by email

Please note that Implementation Services and other professional services related to integration services are billed separately as set forth in the Services Agreement.

Recording of Communications, Tracking Technologies and Session Replay

Subscribers are responsible for maintaining appropriate notice, consent, opt-in, and opt-out mechanisms as are required by Data Protection Laws to enable Subscriber to utilize the Services to communicate with its Users and to lawfully collect data from such Users. In performance of the Services, like other platforms, Capacity employs the use of cookies, unique identifiers, web beacons and similar tracking technologies, which Subscriber acknowledges. For example, it is a best practice for a Subscriber’s privacy policy to describe its use of technologies and for Subscriber to provide a hyperlink to such policy in chatbot or other messaging communications. Similarly, it is a best practice for Subscriber to obtain agreement of Users before recording the Users’ voices, chats or other experiences with the Subscriber’s website and technologies that Subscriber in-licenses such as Capacity’s Services.

Communication Services

If Subscriber’s Service Order includes SMS, MMS, WhatsApp, and/or similar messaging channels (together “Messaging Services”) and/or voice communications (collectively, “Communication Services”), then the following 8 sections apply:

Subscriber acknowledges and agrees that Messaging Services are provided by way of transmissions between local and/or international telecommunications networks. Subscriber acknowledges and agrees that Subscriber can have no expectation of privacy concerning the transmission of Subscriber Data by use of Messaging Services, provided, however, that any Subscriber Data that is ultimately at rest with and stored by Capacity on Subscriber’s behalf will be protected in accordance with the relevant terms of the Agreement. Subscriber agrees that Capacity retains the right to create reasonable limits on Capacity’s use and storage of Subscriber Data, such as limits on file size, storage space, processing capacity, and similar limits.
Capacity treats all messaging transmitted via Capacity’s platform(s) – regardless of use case or phone number type (e.g., long code, short code, or toll-free) – as Application-to-Person (“A2P”) messaging. All A2P messages originating from Capacity are subject to telecommunications networks’ rules and/or prohibitions, including those regarding: consent (“opt-in”); revocation of consent (“opt-out”); campaign registration and/or approval; and content.

Subscriber is solely responsible for all use of Messaging Services in compliance with CTIA Messaging Principles, CTIA Short Code Monitoring Handbook, and Applicable Laws. Subscriber’s use of Messaging Services that does not comply with the CTIA Messaging Principles, applicable laws, and/or the provisions in these Supplemental Terms constitutes a violation of the TOS.

“Applicable Law” includes all applicable laws, rules and regulations applicable to Subscriber, its business or the subject matter of the Agreement including without limitation, laws governing the use of individual information, deceptive and misleading advertising, electronic commercial communications, telemarketing and other similar laws, which include without limitation the U.S. Telephone Consumer Protection Act of 1991, U.S. Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 and the Canada Anti-SPAM Legislation, if applicable, and each as amended.

A “Campaign” is a Message-based, one-way or two-way conversation utilizing A2P Messaging that an End User consents to receive (or otherwise “opts in” to) in accordance with customary industry standards and applicable law.

Short Codes: Any Short Code Campaign must be pre-registered and pre-approved by wireless carriers.
TFNs: Any TFN use cases must be verified pursuant to prevailing industry standards.
TNs: Any 10DLC Campaign must be pre-registered pursuant to prevailing industry standards.
In the absence of any applicable industry standards, as reasonably determined by Capacity, a Campaign use case must be registered with Capacity.

Subscriber acknowledges that Textel has no obligation to pre-screen Subscriber Campaigns, although Textel reserves the right in its sole discretion to pre-screen, refuse or remove any Campaigns. By entering into this Agreement, Subscriber hereby provides irrevocable consent to such monitoring.

Subscriber represents and warrants that (i) Subscriber has or has procured all power and authority necessary to use and text enable those phone numbers it registers or associates with the Account, (ii) Subscriber will not use the Services on a phone number that has been exchanged, rented, or purchased from a third party without the permission of the phone number owner, (iii) the phone number is not a mobile subscriber phone number, and (iv) Subscriber agrees to execute any additional documents necessary to ensure its authority to use and text enable those phone numbers.
Subscriber may not use Messaging Services to transmit or store any content or communications (commercial or otherwise) that is illegal, harmful, unwanted, inappropriate, or objectionable, including, but not limited to, content or communications which Capacity determines (a) is false or inaccurate; (b) is hateful or encourages hatred or violence against individuals or groups; or (c) could endanger public safety. This prohibition includes use of Messaging Services by a hate group. Subscriber and its End Users are also prohibited from using Messaging Services to promote, or enable the transmission of or access to, any prohibited content or communications described in this paragraph.

Subscriber may not use Messaging Services to engage in or encourage any activity that is illegal, deceptive, harmful, a violation of others’ rights, or harmful to Capacity’s business operations or reputation, including:

Violating laws, regulations, governmental orders, industry standards, or telecommunications providers’ requirements or guidance in any applicable jurisdiction.
Interfering with or otherwise negatively impacting any aspect of Messaging Services or any third-party networks that are linked to Messaging Services.
Reverse engineering, copying, disassembling, or decompiling Messaging Services.
Creating a false identity or any attempt to mislead others as to the identity of the sender or the origin of any data or communications.

Subscriber may not violate the integrity of Messaging Services, including:

Attempting to bypass, exploit, defeat, or disable limitations or restrictions placed on Messaging Services.
Finding security vulnerabilities to exploit Messaging Services or attempting to bypass any security mechanism or filtering capabilities.
Any denial of service (DoS) attack on Messaging Services or any other conduct that attempts to disrupt, disable, or overload Messaging Services.
Transmitting code, files, scripts, agents, or programs intended to do harm, including viruses or malware, or using automated means, such as bots, to gain access to or use Messaging Services.
Attempting to gain unauthorized access to Messaging Services.

Subscriber is responsible for determining whether Messaging Services offer appropriate safeguards for Subscriber’s use of Messaging Services, including, but not limited to, any safeguards required by applicable law or regulation, prior to transmitting or processing, or prior to permitting End Users to transmit or process, any data or communications via Messaging Services.

Subscribers use of Messaging Services may include access to Capacity’s API. Capacity may limit: (i) the number of network calls that Subscriber may make via API; (ii) the maximum file size; and (iii) the maximum content that may be accessed, or anything else about the API and Subscriber’s Campaign it accesses that Capacity deem appropriate, in each case in our sole discretion. Capacity may utilize technical measures to prevent over-usage or stop usage of the API by Subscriber or any other User after any usage limitations are exceeded or suspend Subscriber’s access to the API with or without notice in the event Subscriber exceeds any such limitations.
Subscriber expressly agrees that: (i) the Messaging Services are not intended to be used for any emergency services that are designed to be routed based upon the location of the origination of the communication or to supply the receiving party with such location information (including, but not limited to, 911 in North America, 112 in Europe, and 999 and 110 and other emergency calling codes where used) (“Emergency Communications”); (ii) Subscriber has arranged for other effective and reliable methods for Emergency Communications to be available at all times to any persons who may have occasion to use the Messaging Services; and (iii) Subscriber has trained all such users and posted conspicuous reminder notices that would be seen by all such potential users that alternatives to the Messaging Services should be used for Emergency Communications.
Subscriber must exercise caution and judgment when changing carriers; including porting voice service from one carrier to another which may break the texting route. Textel has no control over this so Subscriber must check with its carrier prior to porting any phone numbers. Subscriber remains responsible for all charges associated with the Account notwithstanding a break in the texting route as a result of change of carriers.
Telecommunications carriers enforce mandatory registration and verification processes for businesses, as well as fees and fines. Subscribers using text messaging on 10-digit long code (10DLC) and toll-free (TFN) phone numbers will be required to provide the necessary information to complete this registration and verification process. During the registration process, text functionality may be limited or blocked. Carriers impose fines for violations of message content rules (such as phishing, smishing and social engineering, illegal content and SHAFT). Any fine imposed on Capacity with respect to Subscriber’s messages will be passed on to Subscriber. Prohibited content information is available at https://support.textel.net/. Subscriber acknowledges that his, her or its business owns the land-line or toll-free number listed above and authorize Textel to sign any associated Letter of Authorization for Texting Enablement in the form set forth at https://support.textel.net/LOAform.

See our support guide for more information about Messaging Services here: https://support.textel.net/

Voice Text-to-Speech Services

If Subscriber’s Service Order includes a Text-to-Speech (“TTS”) package, then the following 3 sections apply:

Subscriber may not disclose the results of any benchmark or performance test of the software Services to any third party without Capacity’s prior written approval.
Subscriber may not distribute the saved output of the TTS, in any manner, including, but not limited to, audio files, as a part of applications, materials or multimedia works created by or for Subscriber or otherwise rent, resell, lease, or lend the generated output to any third party. Subscriber may not play back the saved output in public or otherwise make it publicly available.
Subscriber acknowledges that the TTS services should not be used in Emergency Situations, life threatening or fail-safe applications or where its use could cause serious injury or death.

Social Media Integrations

If Subscriber’s Service Order includes a Social Media Package, then the following 2 sections applies:

Subscriber acknowledges and agrees that Capacity does not operate third-party the social media platforms (such as Facebook, Instagram and LinkedIn) which may be integrated with the Services and cannot guarantee the continued availability or performance of such applications.

Subscriber agrees that it will maintain sufficient rights to permit third party applications or services to interoperate with Capacity’s Services and it will comply with its own contractual commitments including the End User License Agreements under any third-party social media or other software connected to the Services by or on behalf of Subscriber.

Messaging Integrations

If Subscriber’s Service Order includes a [Messaging Integrations] package, then the following section applies:

Subscriber acknowledges and agrees that Capacity does not operate third-party messaging platforms (such as WhatsApp, Facebook Messenger, Line, Twitter and Apple Business Chat) which may be integrated with the Services and cannot guarantee the continued availability or performance of such applications.

Subscriber agrees that it will maintain sufficient rights to permit third party applications or services to interoperate with Capacity’s Services and it will comply with its own contractual commitments including the End User License Agreements under any third-party messaging or software connected to the Services by or on behalf of Subscriber.

Subscriber must provide applicable notice to and receive necessary consents from Users to communicate with such Users using third party messaging platforms.

Subscriber acknowledges that Messaging Integrations that facilitate direct conversations between Users and healthcare providers or that send or collect any patient data obtained from healthcare providers are subject to HIPAA. HIPAA compliance and patient consent is Subscriber’s responsibility.

AI-Powered Features

Subscriber may enable AI features in utilizing the Services. Learn more about AI in the Capacity platform here: AI in the Capacity Platform.

PCI-DSS Compliance

The goal of the Payment Card Industry Data Security Standards (“PCI DSS”) is to protect cardholder data (“CHD”) and sensitive authentication data (“SAD”) wherever it is processed, stored, or transmitted. The security controls and processes required by PCI DSS are vital for protecting all payment card account data, including the primary account number printed on the front of a payment card (“PAN”).

If Subscriber’s Service Order includes PCI-DSS-covered services, i.e. Textel text payments or SmartAction functionality to allow IFD-authenticated callers to make a payment, then the following 3 sections apply:

Capacity acknowledges that to the extent that Capacity handles, has access to, or otherwise processes or transmits Subscriber’s cardholder data or sensitive authentication data via PCI DSS-covered services, Capacity shall be responsible for the security of cardholder data that Capacity possesses or otherwise processes or transmits on behalf of the Subscriber and Capacity will maintain all applicable PCI DSS requirements.
The processing of any CHD or SAD in any of our other Services is not recommended and not covered by the TOS. Subscriber is responsible for ensuring that its use of and other Capacity Services to store or process credit card data complies with applicable PCI DSS requirements and shall not process or store credit card data in any other Capacity Services.
Other than under PCI-DSS-covered services, Subscriber shall not use the Services to process CHD, SAD or PAN.

HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules and regulations passed by the U.S. Congress designed to protect the privacy and security of individuals’ protected health information (PHI) and electronic PHI (ePHI). HIPAA applies to providers of health care, health plans, and health care clearinghouse services. These providers are required to handle patient personal health information (PHI/ePHI) in a way that meets defined security standards. When providers, known as covered entities, use third-party vendors or services where personal health information might be stored, those vendors or services, known as business associates, need to adhere to the HIPAA standards as well, under a contractually defined business associate agreement.

Under our Agreement, if Subscriber is a covered entity or a business associate HIPAA desiring to have Capacity process PHI as a business associate via HIPAA covered services, then the Service Order shall expressly include the HIPAA Package and the Business Associate Addendum available at https://capacity.com/capacity-BAA shall be incorporated herein. Other than under a HIPAA Package, SUbscriber shall not use the Services to process PHI/ePHI.

If Subscriber’s engagement of Capacity’s services includes the HIPAA Package and contemplates the transmission of PHI to any Individual via text message, then Subscriber will clearly inform each User of the security risks of insecure text communications and recommend a secure option, and keep explicit records of all these risk warnings and the written approval from the User.

Subscriber acknowledges and agrees that Capacity does not maintain PHI in a Designated Record Set (as defined under HIPAA) for Subscriber.

Subscriber acknowledges and agrees that Capacity does not engage in any Covered Electronic Transactions (as defined under HIPAA) on behalf of Subscriber.

Finance Industry-Gramm-Leach-Bliley Act Compliance

If the Parties have entered into a Service Order under which Subscriber is permitted to provide Capacity with non-public personal information covered by Gramm-Leach-Bliley Act and the regulations thereunder (“NPI”), and provided that Capacity is a service provider or permitted to access NPI, then Capacity acknowledges that it shall establish and maintain appropriate data security policies and procedures designed to ensure the following: (i) security and confidentiality of NPI; (ii) protection against anticipated threats or hazards to the security or integrity of NPI; and (iii) protection against the unauthorized access or use of NPI.

Communications Services Compliance under TCPA and FDCPA

If Subscriber’s Service Order includes a Voice Package, then the following 3 sections applies:

1. For purposes of the Fair Debt Collection Practices Act (15 U.S.C. § 1692), any state law equivalents, and any rules and regulations implemented thereby or promulgated with respect thereto (as may be amended from time to time, the “FDCPA”), Subscriber shall inform Capacity in writing if the Services relate to the collection of any debts owed or due or asserted to be owed or due and shall be solely responsible for ensuring compliance with the FDCPA.
To undertake the responsibility of ensuring the ongoing compliance with all applicable federal and state laws or laws of any other jurisdiction governing outbound calling, and the electronic recording of telephone conversions. Subscriber shall be solely responsible for establishing, updating, and maintaining proper procedures to ensure full legal compliance therewith, including, but not limited to, the inclusion and ongoing maintenance of all necessary language, notice of disclosures as required by law, preceding Capacity’s receipt of the call.
Subscriber is responsible for all federal, state, and local laws as it relates to the recording or monitoring of telephone conversations.

Cookie	Duration	Description
__tld__	session	Description is currently not available.
_cfuvid	session	Description is currently not available.
_no_tracky_101397840	1 hour	Description is currently not available.
rl_session	1 year	Description is currently not available.
ubpv	6 months 1 day	No description available.
ubvs	5 months 27 days	No description available.
ubvt	3 days	No description available.
VISITOR_PRIVACY_METADATA	5 months 27 days	Description is currently not available.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
__cf_bm	30 minutes	Cloudflare set the cookie to support Cloudflare Bot Management.
INGRESSCOOKIE	session	This cookie is used for load balancing and session stickiness. This technical session identifier is required for some website features.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
visitorId	1 year	ZoomInfo sets this cookie to identify a user.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.