Supplemental Terms

Revised and effective: November 25, 2025

These Supplemental Terms ("Supplemental Terms") apply to specific Services or aspects of Services described herein and supplement and form a part of the Services Agreement found at https://capacity.com/services-agreement/ between Subscriber and AI Software, LLC d/b/a "Capacity" unless Subscriber has a written master services agreement executed between Subscriber and Capacity for the Services, in which case these Supplemental Terms will supplement and form a part such written master services agreement (in either case, the "Agreement").

If you are a new Subscriber, then these Supplemental Terms will be effective as to any Service Order entered into after November 25, 2025. If you are an existing Subscriber of any of our brands which refer to online terms of service, subscription or services agreement or the like as of November 25, 2025, then Capacity is providing you with prior notice of the changes to our Agreement with you, which will be effective as of December 25, 2025.

Terms used herein but not defined herein have the meanings set forth in the Agreement. Notwithstanding anything to the contrary in the Agreement, Capacity reserves the right, at its sole discretion, to update the Supplemental Terms in relation to the development of new or updates to existing features and functionality of the Services or applicable law. Subscriber's continued usage of the Services may be relied upon by Capacity as Subscriber's acceptance of the then-current version of these Supplemental Terms.

Implementation Services

As set forth in the Subscriber's Service Order, Capacity's Services typically include implementation, set-up and on-boarding services, which we refer to as "Implementation Services." In most cases, completion of the implementation services is subject to Subscriber's fulfillment of certain Subscriber obligations described in the Service Order Schedule or otherwise provided to Subscriber in writing. Implementation Services are subject to cooperation by Subscriber with its obligations and provision of access to applicable technology and Subscriber Data including test data. For any Integrations listed in the Service Order for which Capacity has agreed to assist with an integration, if Subscriber fails to provide suitable access, then Capacity may instead, for the same price, permit Subscriber to develop the applicable integration on the Capacity Developer Platform at the same price.

Customer Success Services Packages

Capacity offers tiered Customer Success Services packages which are described in Subscriber's Service Order. Capacity does not offer telephone support to Subscribers, but rather offers support via email, in-Service communications, and electronic messages.

Please note that Implementation Services are defined and billed separately as set forth in the Service Order. Professional services are only provided if defined and set forth explicitly in the Service Order, in which case the terms and conditions of such professional services will be outlined in the Service Order or a schedule thereto.

Recording of Communications, Tracking Technologies and Session Replay

Subscribers are responsible for maintaining appropriate notice, consent, opt-in, and opt-out mechanisms as are required by Data Protection Laws to enable Subscriber to utilize the Services to communicate with its Users and to lawfully collect data from such Users. In performance of the Services, like other platforms, Capacity employs the use of cookies, unique identifiers, web beacons and similar tracking technologies, which Subscriber acknowledges. For example, it is a best practice for a Subscriber's privacy policy to describe its use of technologies and for Subscriber to provide a hyperlink to such policy in chatbot or other messaging communications. Similarly, it is a best practice for Subscriber to obtain agreement of Users before recording the Users' voices, chats or other experiences with the Subscriber's website and technologies that Subscriber in-licenses such as Capacity's Services.

Intelligent Virtual Agents Services

If Subscriber's Service Order includes Intelligent Virtual Agents (referred to as SMS IVA, Voice IVA, Chat IVA and/or Email IVA), then the following sections apply:

1. If Subscriber's Service Order includes Services using SMS, MMS and the like, then Subscriber acknowledges and agrees that such messaging services are provided by way of transmissions between local and/or international telecommunications networks and that Subscriber can have no expectation of privacy concerning such transmissions of Subscriber Data, provided, however, that any Subscriber Data that is ultimately at rest with and stored by Capacity on Subscriber's behalf will be protected in accordance with the relevant terms of this Agreement.
2. Capacity treats all messaging transmitted via Capacity's platform(s) - regardless of use case or phone number type (e.g., long code, short code, or toll-free) - as Application-to-Person ("A2P") messaging; accordingly, the communications utilizing the Services are subject to various laws and regulations.
3. Subscriber may not use the Services to transmit or store any content or communications (commercial or otherwise) in violation of relevant law or the Acceptable Use Policies listed at www.capacity.com/AUP. Capacity reserves the right to request and review evidence of such compliance.
4. In connection with sending SMS/MMS through the Services, Capacity disclaims any liability with regards to (i) third-party wireless service providers ("Carriers") or (ii) third-party intermediaries that transmit SMS/MMS messages between Providers and Carriers ("Aggregators"), including regarding system capacity, message throughput, or actual delivery to an End User's device. In addition, Carriers and/or Aggregators may charge additional per-message fees for SMS/MMS messages. Capacity will invoice Subscribers monthly in arrears for such fees, if any.
5. Telecommunications carriers enforce mandatory registration and verification processes for businesses, as well as fees and fines. Subscribers using text messaging on 10-digit long code (10DLC) and toll-free (TFN) phone numbers will be required to provide the necessary information to complete this registration and verification process. During the registration process, text functionality may be limited or blocked. Carriers impose fines for violations of message content rules (such as phishing, smishing and social engineering, illegal content and SHAFT). Any fine imposed on Capacity with respect to Subscriber's messages will be passed on to Subscriber. Subscriber acknowledges that his, her or its business owns the land-line or toll-free number listed in its Service Order and has authorized Capacity to sign any associated Letter of Authorization for Texting Enablement.
6. Subscriber shall at all times extend co-operation to the third-party service provider(s) in respect of any inquiry or investigation in relation to use or users of the phone connection. Subscriber shall provide all applicable information as soon as requested by Capacity (no more than 24 hours). Subscriber agrees that it shall furnish information and all documents, from time to time, including any undertaking or declaration as may be required by third-party service provider(s) for the benefit of such service provider(s) in respect of Services.
7. Via the Services, Subscriber may send a message-based, one-way or two-way conversation utilizing A2P Messaging that an End User consents to receive (or otherwise "opts in" to in accordance with customary industry standards and applicable law)(a "Campaign"). Subscriber acknowledges that Capacity has no obligation to pre-screen, although Capacity reserves the right in its sole discretion to pre-screen, refuse or remove any Campaigns. The following applies to Campaigns:
   • Short Codes: Any Short Code Campaign must be pre-registered and pre-approved by wireless carriers.
   • TFNs: Any TFN use cases must be verified pursuant to prevailing industry standards.
   • TNs: Any 10DLC Campaign must be pre-registered pursuant to prevailing industry standards.
   • In the absence of any applicable industry standards, as reasonably determined by Capacity, a Campaign use case must be registered with Capacity.
8. Subscriber represents and warrants that (i) Subscriber has or has procured all power and authority necessary to use and text enable those phone numbers it registers or associates with the Account, (ii) Subscriber will not use the Services on a phone number that has been exchanged, rented, or purchased from a third party without the permission of the phone number owner, (iii) the phone number is not a mobile subscriber phone number, and (iv) Subscriber agrees to execute any additional documents necessary to ensure its authority to use and text enable those phone numbers.
9. Subscriber is responsible for determining whether the Services offer appropriate safeguards for Subscriber's business, including, but not limited to, any safeguards required by applicable law or regulation, prior to transmitting or processing, or prior to permitting End Users to transmit or process, any data or communications via the Services.
10. Subscribers use of the Services may include access to Capacity's API. Capacity may limit: (i) the number of network calls that Subscriber may make via API; (ii) the maximum file size; and (iii) the maximum content that may be accessed, or anything else about the API and Subscriber's Campaign it accesses that Capacity deem appropriate, in each case in our sole discretion. Capacity may utilize technical measures to prevent over-usage or stop usage of the API by Subscriber or any other User after any usage limitations are exceeded or suspend Subscriber's access to the API with or without notice in the event Subscriber exceeds any such limitations.
11. Subscriber expressly agrees that: (i) the Services are not intended to be used for any emergency services that are designed to be routed based upon the location of the origination of the communication or to supply the receiving party with such location information (including, but not limited to, 911 in North America, 112 in Europe, and 999 and 110 and other emergency calling codes where used) ("Emergency Communications"); (ii) Subscriber has arranged for other effective and reliable methods for Emergency Communications to be available at all times to any persons who may have occasion to use the Services; and (iii) Subscriber has trained all such users and posted conspicuous reminder notices that would be seen by all such potential users that alternatives to the Services should be used for Emergency Communications.
12. Subscriber must exercise caution and judgment when changing carriers; including porting voice service from one carrier to another which may break the texting route. Capacity has no control over this so Subscriber must check with its carrier prior to porting any phone numbers. Subscriber remains responsible for all charges associated with the Account notwithstanding a break in the texting route as a result of change of carriers.
13. Subscriber may not distribute the saved output of Voice IVA, in any manner, including, bt not limited to, audio files, as a part of applications, materials or multimedia works created by or for Subscriber or otherwise rent, resell, lease, or lend the generated output to any third party. Subscriber may not play back the saved Voice IVA output in public or otherwise make it publicly available. Subscriber may not disclose the results of any benchmark or performance test of the Voice IVA Services to any third party without Capacity's prior written approval;
14. Subscriber agrees that Capacity retains the right to create reasonable limits on Capacity's use and storage of Subscriber Data, such as limits on file size, storage space, processing capacity, and similar limits.

AI in the Capacity Platform

Learn more about AI in the Capacity platform here: AI in the Capacity Platform.

PCI-DSS Compliance

The goal of the Payment Card Industry Data Security Standards ("PCI DSS") is to protect cardholder data ("CHD") and sensitive authentication data ("SAD") wherever it is processed, stored, or transmitted. The security controls and processes required by PCI DSS are vital for protecting all payment card account data, including the primary account number printed on the front of a payment card ("PAN").

If Subscriber's Service Order includes PCI-DSS-covered services, i.e. Textel text payments or SmartAction functionality to allow IFD-authenticated callers to make a payment, then the following sections apply:

1. Capacity acknowledges that to the extent that Capacity handles, has access to, or otherwise processes or transmits Subscriber's cardholder data or sensitive authentication data via PCI DSS-covered services, Capacity shall be responsible for the security of cardholder data that Capacity possesses or otherwise processes or transmits on behalf of the Subscriber and Capacity will maintain all applicable PCI DSS requirements.
2. The processing of any CHD or SAD in any of our other Services is not recommended and not covered by the TOS. Subscriber is responsible for ensuring that its use of and other Capacity Services to store or process credit card data complies with applicable PCI DSS requirements and shall not process or store credit card data in any other Capacity Services.
3. Other than under PCI-DSS-covered services, Subscriber shall not use the Services to process CHD, SAD or PAN.

HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules and regulations passed by the U.S. Congress designed to protect the privacy and security of individuals' protected health information (PHI) and electronic PHI (ePHI). HIPAA applies to providers of health care, health plans, and health care clearinghouse services. These providers are required to handle patient personal health information (PHI/ePHI) in a way that meets defined security standards. When providers, known as covered entities, use third-party vendors or services where personal health information might be stored, those vendors or services, known as business associates, need to adhere to the HIPAA standards as well, under a contractually defined business associate agreement.

Under our Agreement, if Subscriber is a covered entity or a business associate HIPAA desiring to have Capacity process PHI as a business associate via HIPAA covered services, then the Service Order shall expressly include the HIPAA Package and the Business Associate Addendum available at https://capacity.com/capacity-BAA shall be incorporated herein. Other than under a HIPAA Package, Subscriber shall not use the Services to process PHI/ePHI.

If Subscriber's engagement of Capacity's services includes the "HIPAA Package" in the Service Order and contemplates the transmission of PHI to any Individual via text message, then Subscriber will clearly inform each User of the security risks of insecure text communications and recommend a secure option, and keep explicit records of all these risk warnings and the written approval from the User.

Subscriber acknowledges and agrees that Capacity does not maintain PHI in a Designated Record Set (as defined under HIPAA) for Subscriber.

Subscriber acknowledges and agrees that Capacity does not engage in any Covered Electronic Transactions (as defined under HIPAA) on behalf of Subscriber.

Subscriber acknowledges and agrees that HIPAA compliance and patient consent is Subscriber's responsibility.

Finance Industry-Gramm-Leach-Bliley Act Compliance

If the Parties have entered into a Service Order under which Subscriber is permitted to provide Capacity with non-public personal information covered by Gramm-Leach-Bliley Act and the regulations thereunder ("NPI"), and provided that Capacity is a service provider or permitted to access NPI, then Capacity acknowledges that it shall establish and maintain appropriate data security policies and procedures designed to ensure the following: (i) security and confidentiality of NPI; (ii) protection against anticipated threats or hazards to the security or integrity of NPI; and (iii) protection against the unauthorized access or use of NPI.

TCPA and FDCPA Compliance

If Subscriber's Service Order includes a Voice IVA, then the following sections applies:

1. For purposes of the Fair Debt Collection Practices Act (15 U.S.C. § 1692), any state law equivalents, and any rules and regulations implemented thereby or promulgated with respect thereto (as may be amended from time to time, the "FDCPA"), Subscriber shall inform Capacity in writing if the Services relate to the collection of any debts owed or due or asserted to be owed or due and shall be solely responsible for ensuring compliance with the FDCPA.
2. To undertake the responsibility of ensuring the ongoing compliance with all applicable federal and state laws or laws of any other jurisdiction governing outbound calling, and the electronic recording of telephone conversions. Subscriber shall be solely responsible for establishing, updating, and maintaining proper procedures to ensure full legal compliance therewith, including, but not limited to, the inclusion and ongoing maintenance of all necessary language, notice of disclosures as required by law, preceding Capacity's receipt of the call.
3. Subscriber is responsible for all federal, state, and local laws as it relates to the recording or monitoring of telephone conversations.