Terms & Conditions

Effective Date: September 26, 2025
Company: TRX Ventures LLC AKA UnitVox ("UnitVox", "we", "us", "our")
Registered Address: 30 N GOULD ST STE R, SHERIDAN, WY 82801, USA
Contact: [email protected] (legal notices) | [email protected] (privacy) | [email protected] (security)

IMPORTANT NOTICE --- THESE TERMS CONTAIN A BINDING ARBITRATION AGREEMENT, A CLASS ACTION WAIVER, LIMITATIONS OF LIABILITY, AND DISCLAIMERS OF WARRANTIES. BY ACCESSING OR USING THE SERVICES, YOU AGREE TO THESE TERMS.

1. Scope; Agreement to Terms

1.1 Scope. These Terms of Use (the "Terms") govern access to and use of UnitVox's software-as-a-service platform and related websites, dashboards, APIs, SDKs, AI voice/SMS/omnichannel agents, call recording/transcription features, documentation, and any professional services (collectively, the "Services").

1.2 Customer Types. "Customer" means the entity or person that creates an account or enters an Order. "Users" means individuals authorized by Customer to use the Services. "End Users" means individuals who interact with Customer's AI agent(s) (e.g., callers, website chat visitors, SMS recipients).

1.3 Contract Formation. By clicking "I agree," executing an Order, or using the Services, you agree to these Terms and any policies referenced herein (Acceptable Use Policy, Data Processing Addendum, Subprocessor List, Security Overview, and any applicable Order, SOW, or SLA) (collectively, the "Agreement").

2. Services; Subscriptions; Orders

2.1 Provision. Subject to these Terms, UnitVox will make the Services available to Customer during the subscription term specified in an Order.

2.2 Accounts. Customer is responsible for Users' compliance and all activities under its accounts. Customer must maintain accurate account information and promptly update changes.

2.3 Admin Controls. Customer controls settings, knowledge bases, scripts, integrations, data retention options, and feature toggles (e.g., recording, transcription, AI disclosures).

2.4 Changes. We may modify features or functionalities with reasonable notice where practicable. If a change materially degrades core functionality, Customer may terminate the affected Order within 30 days of notice for a pro-rata refund of prepaid, unused fees.

3. Customer Data; Roles; License

3.1 Definitions. "Customer Data" means data, audio, text, images, phone numbers, transcripts, metadata, and other content submitted to or processed by the Services on Customer's behalf.

3.2 Ownership. As between the parties, Customer owns Customer Data.

3.3 License to UnitVox. Customer grants UnitVox a non-exclusive, worldwide, royalty-free license to host, copy, process, transmit, display, and otherwise use Customer Data solely to provide, secure, support, and improve the Services, to develop related features, and to comply with law. We may generate Aggregated/De-Identified Data from Customer Data; such data will not identify any natural person or Customer and may be used to analyze performance, improve reliability, and develop insights. We do not use Customer Data to train generalized foundation models for third parties without Customer's express written consent.

4. Roles Under Privacy Laws

4.1 Controller/Processor. For Customer Data processed to deliver the Services, Customer is the "controller/business" and UnitVox is the "processor/service provider." For our own site analytics, billing, fraud prevention, and direct marketing to our customers, UnitVox is a controller/business.

4.2 DPA. The Data Processing Addendum (DPA) is incorporated by reference. Where required, Standard Contractual Clauses (and UK IDTA/UK Addendum, as applicable) govern international transfers.

4.3 End-User Requests. If an End User contacts UnitVox directly, we will, where appropriate, direct the End User to the relevant Customer and will reasonably assist Customer in fulfilling verified privacy requests.

5. Acceptable Use; Restrictions

5.1 AUP. Customer shall comply with the Acceptable Use Policy (AUP), incorporated herein. Prohibited uses include (without limitation):\

unlawful activities; harassment; threats; child sexual abuse material; exploitation or harm to minors;

infringement, defamation, privacy intrusions;

generating or disseminating content that is illegal or that facilitates significant harm;

attempts to probe, scan, or test the vulnerability of systems;

introducing malware; interfering with or burdening the Services;

circumventing security controls, usage limits, or rate limits;

misrepresenting AI as human where disclosure is required by law or policy;

storing or transmitting Sensitive Data (e.g., full payment card numbers, government ID numbers, health/medical/PHI, biometric templates) unless expressly permitted by a signed addendum.

5.2 High-Risk Use. The Services are not designed for use in hazardous environments requiring fail-safe performance (e.g., life support, nuclear facilities, aviation navigation). Customer shall not use the Services where failure could lead to death, personal injury, or catastrophic damage.

5.3 Emergency Use. The Services do not provide emergency services and do not connect to 911 or equivalent. Customer must clearly direct End Users to call 911 for life-safety emergencies.

5.4 Telecom Compliance. Customer is solely responsible for: (a) obtaining and logging all required consents (e.g., marketing vs. transactional), (b) complying with applicable telemarketing, anti-spam, and consumer-protection laws (e.g., TCPA, TSR, CAN-SPAM, CASL), (c) meeting A2P 10DLC registration, content, and throughput rules, and (d) honoring STOP/UNSUBSCRIBE and DNC requests.

5.5 SMS/Text Messaging Program Terms

Program Description

The UnitVox SMS/text messaging program enables Customers to send and receive automated and conversational text messages with End Users for business communications, including but not limited to: appointment confirmations and reminders; service notifications and status updates; AI-powered conversational assistance; promotional and marketing messages (where consented); customer support interactions; transactional confirmations; and other business-to-consumer communications as configured by Customer.

By providing a mobile phone number to Customer or opting in to receive text messages from Customer through the UnitVox platform, End Users expressly consent to receive automated text messages at the mobile number provided. Message frequency varies based on Customer's configuration and End User interactions with the AI agent or service.

Opt-Out Instructions

End Users may cancel the SMS service at any time by texting "STOP", "STOPALL", "UNSUBSCRIBE", "CANCEL", "END", or "QUIT" to the number from which they are receiving messages. Upon receiving an opt-out keyword, the system will:

Immediately cease sending marketing and promotional messages to that mobile number;

Send a final confirmation message acknowledging the opt-out request;

Add the mobile number to the suppression list to prevent future messaging.

Important: Certain transactional, security-related, or service-critical messages may still be sent even after opt-out, as permitted by applicable law and to fulfill contractual or legal obligations.

Rejoining Instructions

End Users who have opted out may rejoin the SMS program by:

Re-opting in through the original opt-in method (e.g., web form, keyword opt-in, point-of-sale);

Texting "START", "YES", or "UNSTOP" to the number from which they previously received messages; or

Following the instructions provided by Customer for program enrollment.

Upon rejoining, End Users will resume receiving SMS messages according to the program's message frequency and types.

Help Instructions

For assistance with the SMS program, End Users may:

Text "HELP" or "INFO" to the number from which they are receiving messages to receive automated assistance information; or

Contact Customer directly at the support contact information provided in the initial opt-in disclosure or at [email protected] for general inquiries regarding the UnitVox platform.

Help responses will include: program identification, opt-out instructions, support contact information, and a link to applicable terms and privacy policy.

Carrier Liability Disclaimer

Wireless carriers are not liable for delayed or undelivered messages. Factors beyond UnitVox's and Customer's control may affect message delivery, including but not limited to: carrier network congestion or outages; End User device issues or settings; spam filtering by carriers; changes in carrier policies or technical requirements; international routing limitations; and regulatory restrictions.

Neither UnitVox nor Customer guarantees message delivery, and neither party shall be liable for any damages resulting from delayed, failed, or filtered message delivery due to carrier or network issues.

Message and Data Rates

Message and data rates may apply for messages sent to End Users from Customer and to Customer from End Users. The number of messages an End User receives will vary based on Customer's program configuration and End User interactions. Message frequency is not fixed and may include multiple messages per day, per week, or per month depending on the nature of the program and End User activity.

End Users are responsible for any charges imposed by their wireless carrier for text messaging services. For questions regarding text plans, data plans, or charges, End Users should contact their wireless carrier directly.

Supported Carriers

The SMS program is available to End Users on participating carriers in the United States and, where supported, internationally. Major U.S. carriers include AT&T, T-Mobile, Verizon, Sprint, Boost, Cricket, MetroPCS, U.S. Cellular, and others. Carrier availability may change without notice.

Privacy Policy

For information about how Customer and UnitVox collect, use, and protect End User information, including mobile phone numbers and text messaging data, please refer to:

UnitVox Privacy Policy: Available at unitvox.com/privacy or upon request at [email protected]

Customer's Privacy Policy: End Users should refer to the privacy policy of the specific business or organization (Customer) operating the SMS program.

Compliance with Industry Standards
UnitVox and its Customers are committed to compliance with all applicable industry standards and regulations governing SMS and text messaging, including but not limited to:

Telephone Consumer Protection Act (TCPA) and FCC regulations;

Telemarketing Sales Rule (TSR);

CAN-SPAM Act (where applicable to text messages);

CTIA Messaging Principles and Best Practices;

Mobile Marketing Association (MMA) Consumer Best Practices;

Cellular Telecommunications Industry Association (CTIA) Short Code Monitoring Program standards;

A2P 10DLC (Application-to-Person 10-Digit Long Code) requirements for campaign registration, content compliance, and throughput management;

STIR/SHAKEN caller authentication protocols;

International regulations including Canada's Anti-Spam Legislation (CASL), UK PECR, and GDPR (where applicable).

Customer acknowledges and agrees that:

Customer is solely responsible for ensuring all SMS campaigns and messages comply with applicable laws, regulations, and carrier requirements;

Customer must maintain documentation of all opt-in consents and make such documentation available to UnitVox or carriers upon request;

Customer must register A2P 10DLC campaigns with accurate use-case descriptions and sample messages;

Customer must promptly update campaign registrations if message content or purpose materially changes;

Failure to maintain compliance may result in campaign suspension, filtering, or termination by carriers or UnitVox.

Legal Compliance Note

Customer Responsibilities: Customer, as the sender and controller of SMS communications, bears primary legal responsibility for:

Obtaining proper prior express written consent (PEWC) where required for marketing messages;

Providing clear opt-in disclosures that include program description, message frequency, message/data rate warnings, opt-out instructions, help information, and links to terms and privacy policy;

Maintaining records of consent including date, time, method of consent, and IP address or device information where applicable;

Honoring opt-out requests within the timeframes required by law (typically immediately, but no later than 10 business days);

Scrubbing messaging lists against the National Do Not Call Registry and internal suppression lists;

Adhering to time-of-day restrictions (typically no messages before 8:00 AM or after 9:00 PM in the recipient's local time zone);

Ensuring message content complies with carrier content policies (no SHAFT content—sex, hate, alcohol, firearms, tobacco—unless properly registered and legally permitted);

Accurately representing the sender identity and providing valid customer service contact information;

Complying with data protection and privacy laws regarding collection, use, and retention of mobile phone numbers and messaging data.

UnitVox Responsibilities: UnitVox provides the technical platform and infrastructure for SMS delivery but does not control the content, timing, targeting, or consent collection methods employed by Customer. UnitVox:

Maintains carrier relationships and technical integrations;

Provides tools for opt-out management, though Customer remains responsible for honoring opt-outs;

Monitors for platform abuse and may suspend accounts that violate laws, carrier policies, or these Terms;

Reserves the right to review campaigns and reject or suspend messaging that poses compliance risk;

Provides compliance resources and best practices documentation;

Does not provide legal advice and Customer should consult legal counsel for specific compliance questions.

Carrier Rights and Enforcement: Mobile carriers reserve the right to:

Filter, block, or throttle messages that violate carrier policies or appear to constitute spam;

Suspend or terminate Customer's messaging access for compliance violations;

Audit campaigns and request documentation of consent;

Impose fines or surcharges for non-compliant messaging; and

Change technical requirements, content policies, or fees with or without notice.

Customer acknowledges that neither UnitVox nor carriers guarantee message deliverability, and campaigns may be subject to filtering or throughput limitations based on carrier policies and reputation scoring.

Modifications to SMS Program Terms: UnitVox may modify these SMS Program Terms upon reasonable notice to Customer. Continued use of SMS services following notice of changes constitutes acceptance of the modified terms. Material changes that adversely affect Customer's rights may permit Customer to terminate the SMS services within 30 days of notice.

6. Recording; Transcription; Disclosures

6.1 Recording Choice. If Customer enables recording and/or transcription, Customer is responsible for providing legally required notices and obtaining consent under applicable one-party/two-party consent laws and sector-specific rules.

6.2 Use of Recordings. Recordings/transcripts may be processed to deliver and support the Services (e.g., quality assurance, dispute resolution, fraud prevention) and by vetted sub-processors under the DPA.

7. Third-Party Services & Integrations

7.1 Integrations. The Services may interoperate with third-party telephony, CRM, calendar, cloud, and AI infrastructure. UnitVox does not control third-party services and is not responsible for their acts, omissions, outages, or security.

7.2 Separate Terms. Use of third-party services is governed by their terms and privacy policies. Customer is responsible for enabling, configuring, and maintaining integrations.

8. Security; Customer Responsibilities

8.1 Security Program. UnitVox maintains administrative, technical, and physical safeguards appropriate to the nature of the Services, including encryption in transit, access controls, logging/monitoring, and vulnerability management.

8.2 Customer Steps. Customer must: (a) protect credentials and API keys; (b) use role-based access; (c) set retention and deletion schedules; (d) review templates/knowledge for accuracy and compliance; (e) promptly notify UnitVox of any suspected compromise.

9. Fees; Taxes; Trials

9.1 Fees. Fees, usage entitlements, and terms are set in the Order or within the product. Except as expressly stated, fees are non-refundable.

9.2 Auto-Renewal. Subscriptions renew for successive terms unless canceled as specified in the Order.

9.3 Taxes. Fees exclude taxes; Customer is responsible for applicable taxes.

9.4 Late Payment. Overdue amounts may incur the lesser of 1.5% per month or the maximum allowed by law. We may suspend the Services for non-payment after notice.

10. Professional Services

If included in an SOW, UnitVox may provide configuration, migration, or enablement services. Deliverables are deemed accepted upon delivery unless Customer provides written notice of material non-conformity within 10 days. Professional services are not subject to uptime SLAs unless specified.

11. Intellectual Property; Feedback; DMCA

11.1 IP Ownership. UnitVox and its licensors own the Services, software, and all related IP. No rights are granted except as expressly stated.

11.2 Feedback. If Customer or Users provide feedback, UnitVox may use it without restriction or obligation.

11.3 DMCA. UnitVox responds to notices of alleged copyright infringement consistent with the Digital Millennium Copyright Act. Send notices to [email protected] with the information required by 17 U.S.C. §512(c)(3).

12. Confidentiality

Each party will protect the other party's non-public information with at least reasonable care and use it solely to perform under the Agreement. Confidentiality obligations do not apply to information that is public through no fault, known prior without duty, independently developed, or rightfully obtained from a third party without duty.

13. Warranties; Disclaimers

13.1 Mutual Authority. Each party represents that it has the authority to enter into this Agreement.

13.2 Service Disclaimer. THE SERVICES, BETA/EXPERIMENTAL FEATURES, AND ALL RELATED MATERIALS ARE PROVIDED "AS IS" AND "AS AVAILABLE." UNITVOX AND ITS LICENSORS DISCLAIM ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, AVAILABILITY, AND THAT AI OUTPUTS OR TRANSCRIPTS WILL BE ERROR-FREE OR MEET CUSTOMER REQUIREMENTS.

13.3 No Professional Advice. The Services do not provide legal, medical, financial, engineering, or licensed trade diagnoses or professional advice. Customer remains solely responsible for decisions and compliance.

13.4 SMS/Text Messaging Disclaimer. UNITVOX DOES NOT GUARANTEE THE DELIVERY, TIMING, OR ACCURACY OF SMS/TEXT MESSAGES. MESSAGE DELIVERY IS SUBJECT TO CARRIER NETWORK AVAILABILITY, TECHNICAL LIMITATIONS, SPAM FILTERING, REGULATORY RESTRICTIONS, AND OTHER FACTORS OUTSIDE UNITVOX'S CONTROL. CUSTOMER ACKNOWLEDGES THAT WIRELESS CARRIERS MAY BLOCK, FILTER, DELAY, OR CHARGE FOR MESSAGES, AND THAT UNITVOX SHALL NOT BE LIABLE FOR ANY SUCH CARRIER ACTIONS OR OMISSIONS.

14. Indemnification

14.1 By Customer. Customer will defend, indemnify, and hold harmless UnitVox and its affiliates from claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) Customer Data; (b) alleged violation of laws (including telecom/marketing, recording, and privacy laws); (c) use of the Services in breach of the Agreement; or (d) Customer's products or services.

14.2 By UnitVox (IP). UnitVox will defend Customer against third-party claims alleging that the Services infringe a U.S. patent, copyright, or trademark, and will pay resulting damages finally awarded, provided: (i) Customer promptly notifies UnitVox; (ii) UnitVox has sole control of the defense/settlement; and (iii) Customer reasonably cooperates. UnitVox may procure the right to continue using, modify, or replace the Services, or, if not commercially reasonable, terminate the affected Order with a pro-rata refund. UnitVox's obligations do not apply to claims based on: Customer Data; combinations with non-UnitVox products; modifications not made by UnitVox; or use after notice of alleged infringement. THIS SECTION STATES UNITVOX'S ENTIRE LIABILITY FOR IP INFRINGEMENT.

15. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW: (a) NEITHER PARTY WILL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, GOODWILL, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY; (b) EACH PARTY'S TOTAL LIABILITY IN THE AGGREGATE ARISING OUT OF OR RELATED TO THE AGREEMENT SHALL NOT EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO UNITVOX FOR THE SERVICES IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY. The foregoing exclusions/limits do not apply to (i) Customer's payment obligations; (ii) a party's willful misconduct; or (iii) liability that cannot be limited by law.

16. Suspension; Term; Termination

16.1 Suspension. We may suspend the Services immediately for (a) security risk; (b) suspected fraud/abuse; (c) non-payment; or (d) legal requirements.

16.2 Term; Termination. The Agreement continues for the subscription term(s). Either party may terminate for material breach not cured within 30 days of written notice. Customer may terminate immediately if we cease the Services in their entirety.

16.3 Effect. Upon termination, Customer will stop using the Services. For 30 days after termination (unless prohibited by law), UnitVox will make exportable Customer Data available; thereafter, we may delete Customer Data per retention schedules. Sections intended to survive (including 3, 4, 5, 8, 11--15, 16.3, 17--22) shall survive.

17. Dispute Resolution; Arbitration; Class Action Waiver

17.1 Governing Law; Venue. The Agreement is governed by the laws of the State of Texas, without regard to conflicts principles. Exclusive jurisdiction and venue lie in state or federal courts located in Travis County, Texas, except that either party may seek injunctive relief in any court of competent jurisdiction.

17.2 Arbitration. Any dispute arising out of or relating to the Agreement shall be resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules. The arbitration will be conducted in Austin, Texas, before a single arbitrator. Judgment on the award may be entered in any court of competent jurisdiction.

17.3 Class Waiver; Jury Waiver. No class actions or class arbitrations. The parties waive the right to a jury trial.

18. Export; Sanctions; Anti-Corruption

Customer shall comply with export control and sanctions laws and shall not use the Services in, or for the benefit of, embargoed countries or restricted parties. Customer represents it and its beneficial owners are not listed on any restricted party list. Customer will comply with anti-bribery/anti-corruption laws.

19. Assignment; Subcontracting

Customer may not assign the Agreement without UnitVox's prior written consent (not unreasonably withheld). UnitVox may assign to an affiliate or in connection with a merger, acquisition, or sale of assets. UnitVox may use subcontractors and remains responsible for their performance.

20. Notices; Electronic Communications

We may provide notices via the Service, email, or by posting. Customer consents to receive electronic communications and agrees that such communications satisfy legal requirements.

21. Miscellaneous

21.1 Force Majeure. Neither party is liable for delays/failures due to events beyond reasonable control.

21.2 Entire Agreement; Order of Precedence. The Agreement constitutes the entire agreement. In case of conflict, the following order applies: (1) Order; (2) SLA/SOW (if any); (3) DPA; (4) these Terms; (5) policies referenced.

21.3 Severability; Waiver. If any provision is unenforceable, it will be modified to the minimum extent necessary to make it enforceable; others remain in effect. Waivers must be in writing.

21.4 Publicity. We may use Customer's name and logo to identify Customer as a customer unless Customer opts out in writing.

21.5 Headings; No Third-Party Beneficiaries. Headings are for convenience; no third-party beneficiaries.

LEGAL APPENDICES (A--E)

Effective Date: September 26, 2025
Company: TRX Ventures LLC AKA UnitVox ("UnitVox", "we", "us", "our")
Registered Address: 30 N GOULD ST STE R, SHERIDAN, WY 82801, USA
Contact: [email protected] (legal notices) | [email protected] (privacy) | [email protected] (security)

These Appendices are incorporated by reference into the UnitVox Terms of Use. Capitalized terms have the meanings given in the Terms unless defined here.

APPENDIX A --- ACCEPTABLE USE POLICY (AUP)

A.1 Purpose & Scope

This AUP protects End Users, networks, and the integrity of the Services. It applies to Customer, Users, and anyone using the Services through Customer's account or integrations.

A.2 General Conduct Rules (Representative, not exhaustive)

Customer shall not (and shall not permit any third party to):

1. Unlawful/Harmful Activity --- Use the Services for activities that are unlawful, harmful, fraudulent, misleading, or that violate rights of others (privacy, publicity, contractual, or intellectual property rights).

2. Abusive Content --- Upload, generate, transmit, or store content that is defamatory, harassing, hateful, discriminatory, sexually explicit (including CSAM, which is categorically prohibited), or that threatens violence or self-harm.

3. Infringement/Misappropriation --- Use the Services to infringe or misappropriate copyright, trademark, trade secret, or other IP rights; submit content without necessary permissions.

4. Security Interference --- Probe, scan, or test the vulnerability of any system; defeat security controls; introduce malware; perform DDoS; or otherwise interfere with or disrupt the Services or connected networks.

5. Circumvention/Misuse --- Bypass rate limits, quotas, or fees; spoof identities or headers; misrepresent origin; or access the Services via automated means not expressly permitted by UnitVox (e.g., unthrottled scraping, credential stuffing).

6. Privacy Violations --- Collect or disclose personal information in violation of law; doxx individuals; track or profile without lawful basis and notices; submit Sensitive Data without a signed addendum expressly permitting it.

7. High-Risk Use --- Use the Services in life-critical or mission-critical environments (e.g., medical diagnosis/treatment, aircraft/airspace control, nuclear facilities, weapons control, or any system where failure could cause death, personal injury, or severe environmental damage).

8. Emergency Services --- Present or use the Services as an emergency service or for dispatch to 911/112 or similar.

9. Child Safety --- Create, store, or distribute any sexual content involving minors, or content that sexualizes minors; promptly report suspected CSAM to appropriate authorities.

10. Export/Sanctions --- Use the Services in violation of export control/sanctions laws, or for the benefit of restricted parties.

A.3 Telecom, Messaging, and Calling Rules (Customer Responsibilities)

Customer acknowledges sole responsibility for compliance with, as applicable: TCPA, TSR, CAN-SPAM, CTIA Messaging Principles/Code, A2P 10DLC requirements (brand/campaign registration, consent category, content restrictions, opt-out handling), STIR/SHAKEN Caller ID authentication, and analogous international rules (e.g., CASL in Canada, Ofcom/PECR in the UK). Minimum requirements include: - Consent --- Obtain and document appropriate consent for each contact and message type (e.g., transactional vs. marketing). No purchased lists without documented consent.

Identification --- Identify the sender and purpose; include valid contact details.

Opt-Out --- Honor STOP/UNSUBSCRIBE requests immediately; maintain and apply suppression lists; no further marketing to opted-out numbers/emails.

Quiet Hours/Do-Not-Call --- Observe applicable quiet-hour and DNC rules; scrub against national/state lists where required.

Content Restrictions --- No SHAFT content (sex, hate, alcohol, firearms, tobacco) unless legally permitted and registered; no illegal substances/services; no deceptive claims.

Campaign Accuracy --- Ensure A2P campaign purpose, sample messages, and content remain truthful and aligned with registered use; update or re-register if materially changed.

Caller ID --- Truthful caller ID; no neighbor spoofing or misrepresentation.

Recording Consent --- Provide legally required recording/transcription notices and secure required consents before recording.

A.4 AI-Specific Rules

AI Disclosure --- Where required by law or Customer policy, disclose that an AI assistant is interacting.

No Professional Advice --- Do not present AI outputs as licensed professional advice or as a diagnosis.

Safety-First Language --- Use safety escalations and emergency disclaimers; do not discourage contacting emergency services.

Human-in-the-Loop --- Maintain escalation paths to human staff for complex, sensitive, or high-risk scenarios.

Prohibited Uses --- No generation of malware, instructions for wrongdoing, or content designed to cause physical, financial, or reputational harm.

Model Governance --- Configure guardrails/filters; log and review risky prompts; remediate identified misuse.

A.5 Sensitive Data Policy

Without a signed addendum, do not submit: government ID numbers; financial account numbers or full payment card data; precise geolocation; racial/ethnic origin; health/medical data/PHI; biometric templates; union membership; sexual orientation; or data of children under the age threshold of applicable law (e.g., COPPA in the U.S.).

A.6 Rate Limits & Fair Use

UnitVox may enforce rate limits, quotas, concurrency caps, and content moderation. Customer must implement exponential backoff and respect HTTP 429/5xx responses. Automated scraping of admin consoles is prohibited.

A.7 Enforcement

UnitVox may monitor for abuse (automated and manual), suspend or terminate access, block traffic, and report unlawful content to authorities. Report abuse to [email protected].

APPENDIX B --- DATA PROCESSING ADDENDUM (DPA)

This DPA forms part of the Agreement and governs UnitVox's processing of Customer Personal Data as a processor/service provider to Customer (controller/business).

B.1 Definitions

"Customer Personal Data" means any personal data processed by UnitVox on behalf of Customer via the Services. "Applicable Data Protection Laws" include, as applicable: EU/UK GDPR, ePrivacy laws, and U.S. state privacy laws (e.g., CA CPRA, VA VCDPA, CO CPA, CT, UT, OR, TX). "SCCs" means the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), as amended. "Service Provider/Processor" terms align with CPRA and other state laws.

B.2 Roles; Processing Instructions

(a) Roles. Customer is controller/business; UnitVox is processor/service provider. (b) Instructions. UnitVox will process Customer Personal Data only on documented instructions from Customer, including as necessary to provide, secure, and improve the Services, to prevent fraud/abuse, and to comply with law. (c) Prohibitions. UnitVox shall not: (i) sell Customer Personal Data; (ii) share it for cross-context behavioral advertising; (iii) retain, use, or disclose it outside the direct business relationship; or (iv) combine it with personal data received from other sources except as permitted by law (e.g., to detect security incidents or improve the Services using Aggregated/De-Identified Data).

B.3 Confidentiality & Personnel

UnitVox ensures personnel processing Customer Personal Data are bound by confidentiality and receive appropriate privacy/security training.

B.4 Security Measures

UnitVox implements appropriate technical and organizational measures (see Annex II) to ensure a level of security appropriate to the risk, including encryption in transit, access controls, logging/monitoring, and vulnerability management.

B.5 Sub-Processors

Customer authorizes UnitVox to engage sub-processors listed in Appendix C (and updates at the posted Subprocessor URL). UnitVox will: (i) impose data protection obligations equivalent to this DPA; (ii) remain liable for sub-processor performance; and (iii) provide advance notice of changes to allow Customer to object on reasonable grounds related to data protection.

B.6 Assistance; Data Subject Rights

Taking into account the nature of processing, UnitVox will provide reasonable assistance to Customer in responding to data subject requests (access, deletion, correction, portability, objection, restriction) and privacy impact assessments.

B.7 Security Incidents

UnitVox will notify Customer without undue delay after becoming aware of a confirmed Personal Data Breach affecting Customer Personal Data and will provide information reasonably necessary for Customer to meet its obligations, taking into account legitimate law enforcement or security constraints.

B.8 International Transfers

Where UnitVox or its sub-processors transfer Customer Personal Data outside the EEA/UK/Switzerland to a country lacking adequate protection, UnitVox will implement appropriate safeguards, including the SCCs (Modules 2/3) and, where applicable, the UK IDTA/UK Addendum and Swiss addendum.

Parties agree that:

Annex I describes the parties, data categories, and purposes;

Annex II lists the technical and organizational measures;

Annex III lists sub-processors.

B.9 Audits & Assessments

Upon reasonable written request, UnitVox will provide information necessary to demonstrate compliance with this DPA and allow for audits by Customer or a mutually agreed auditor, not more than once annually, during business hours, with reasonable notice, and subject to confidentiality and safety measures. Reports from reputable third-party audits (e.g., SOC 2) may satisfy audit requests.

B.10 Deletion/Return

Upon termination/expiration, upon Customer's written request and subject to legal retention obligations, UnitVox will delete or return Customer Personal Data. Backup media will be overwritten per retention cycles.

B.11 Government Requests

UnitVox will notify Customer of government or law enforcement requests for Customer Personal Data unless legally prohibited, and will challenge unlawful requests where commercially reasonable.

B.12 Liability

Liability for processing of Customer Personal Data is governed by the Agreement's limitation of liability.

ANNEX I --- SCC Details (Template)

Data Exporter (Controller/Customer): [[Customer legal name, address, contact]]

Data Importer (Processor/UnitVox): UnitVox, 30 N GOULD ST STE R, SHERIDAN, WY 82801, USA, [email protected]

Subject Matter & Duration: Provision of the Services; duration of the Agreement + post-termination export window.

Nature & Purpose: Telephony/SMS processing, call recording/transcription (if enabled), CRM syncing, analytics, support, security.

Categories of Data Subjects: Customer's prospects, customers, employees/contractors, end-users contacting Customer.

Categories of Personal Data: Identifiers (name, email, phone), communications metadata/content (if enabled), device/usage data, CRM fields synced via integrations.

Special Categories: Not intended; any processing requires explicit instructions and safeguards.

Frequency of Transfer: Continuous as needed.

Competent Supervisory Authority: Determined under GDPR (e.g., where Customer is established).

ANNEX II --- Technical and Organizational Measures (Summary)

See Appendix D -- Security Overview (incorporated by reference). Highlights include: encryption in transit; least-privilege access; MFA; audit logging; vulnerability management; secure SDLC; incident response; backups; business continuity.

ANNEX III --- Authorized Sub-Processors (Template)

See Appendix C -- Subprocessor List (incorporated by reference).

APPENDIX C --- SUBPROCESSOR LIST & POLICY

C.1 Overview

UnitVox uses carefully selected sub-processors to deliver the Services. Because UnitVox is a white-label of HighLevel, we inherit HighLevel's production sub-processors. This Appendix lists those HighLevel platform sub-processors as of the date below, plus UnitVox's notification and objection process.

Live list effective date: September 26, 2025
Source of record: HighLevel's publicly published sub-processor roster (monitored by UnitVox).

C.2 Current Sub-Processor Roster (grouped by function)

Region note: Unless otherwise noted, processing locations are in the United States; some providers may process in multiple regions per their standard terms.

Core Infrastructure - Google Cloud Platform (GCP) --- primary cloud infrastructure, data storage, networking. - Amazon Web Services (AWS) --- supplemental infrastructure services and storage.

Communications & Messaging - Twilio --- voice/SMS/MMS origination/termination, carrier compliance tooling. - Mailgun --- outbound email delivery and reputation management. - LeadConnector LLC --- communication services enablement and operational support.

Billing & Payments - Stripe --- subscription billing and payment processing (tokens only; no full PAN storage by UnitVox). - Chargebacks911 --- chargeback monitoring and dispute support.

Support & Operations - Freshworks --- customer support and ticketing communications. - Zapier --- workflow automations connecting Services to third-party apps per Customer configuration.

Product Analytics & Data - Pendo --- in-product analytics and guided tours. - ChartMogul --- subscription analytics and MRR/ARR reporting. - Mozart Data --- analytics warehousing/ETL functions. - People Data Labs --- business data enrichment for contact/company records. - Persona Identities --- identity verification and risk signals.

AI & Speech Providers - OpenAI --- model inference for natural-language generation and understanding. - Retell AI --- AI voice/agent functionality. - Synthflow --- AI phone/voice agent capabilities. - Botpress --- conversational AI tooling.

Affiliate/Regional Services - HighLevel India --- HighLevel services and support delivery (India processing).

Important configuration note. Depending on Customer settings, additional providers may be engaged at Customer's direction (e.g., customer-owned Twilio/SendGrid accounts, custom webhooks, CRMs). Such providers act as Customer's independent processors/controllers and are not UnitVox sub-processors unless explicitly enabled under UnitVox's account.

C.3 Onboarding Due Diligence

Before onboarding any sub-processor, UnitVox evaluates: security certifications/policies, data minimization, processing geography, incident history, contractual DP terms (including SCCs/UK Addendum as needed), and business continuity posture.

C.4 Changes, Monitoring & Notification (DPO Clause)

Continuous Monitoring. UnitVox monitors HighLevel's public sub-processor page and related legal notices at least daily via automated checks.

Advance Notice. When HighLevel adds or replaces a platform sub-processor, UnitVox will email Customer's designated DPO address and primary admin contact within 5 business days of UnitVox becoming aware of the change (or sooner where practicable).

Emergency Additions. For urgent reliability/security needs, UnitVox may rely on HighLevel's immediate changes; UnitVox will notify the DPO/admin within 48 hours of awareness.

Right to Object. Customers may object on reasonable data-protection grounds within 15 days of notice. UnitVox will in good faith seek alternatives (e.g., configuration changes, isolation) or, if unresolved, permit termination of the affected Service with a pro-rata refund of prepaid, unused fees.

Customer-Added Tools. If Customer enables additional third-party tools via integrations or custom automations, Customer is responsible for vetting and providing any required notices to End Users.

C.5 Flow-Down Obligations

Each sub-processor is bound by written contract imposing obligations no less protective than those in the DPA and this Appendix, including confidentiality, security, breach notification, and international transfer safeguards.

C.6 Authoritative List Location

The authoritative, most current provider roster will be maintained at Customer-visible legal pages (e.g., /legal/subprocessors) or upon written request to [email protected]. UnitVox's Appendix C will be updated accordingly and re-dated.

APPENDIX D --- SECURITY OVERVIEW (SUMMARY CONTROLS)

D.1 Security Governance

Executive sponsorship, security policies reviewed annually.

Workforce security training (onboarding + annual refreshers).

Vendor risk management and sub-processor reviews.

D.2 Access Control & Identity

RBAC with least-privilege; periodic access reviews; separation of duties.

MFA required for administrative access; SSO for internal tools where feasible.

Just-in-time (JIT) elevation for production access with logging/approvals.

D.3 Data Protection

Encryption in transit: TLS 1.2+; at rest: AES-256 (or provider equivalent).

Secrets managed via secure vault; key rotation policies.

Data classification and minimization; configurable retention; secure deletion.

D.4 Network & Platform Security

Cloud security baselines; private subnets; security groups; WAF; DDoS protections.

Endpoint hardening with EDR and disk encryption.

Regular backups; tested restoration; RPO: 24h; RTO: 24h targets.

D.5 Application Security

Secure SDLC with code review, SAST/DAST, dependency scanning, SBOM generation.

Penetration testing at least annually and after major changes; remediation SLAs (Critical 7 days; High 14; Medium 30; Low 90).

Change management and CI/CD with artifact signing where feasible.

D.6 Logging, Monitoring, & Incident Response

Centralized logging with retention; alerting to on-call; SIEM correlation.

Incident response plan with defined roles, runbooks, and periodic tabletop exercises.

Breach notification to Customer without undue delay after confirmation.

D.7 Business Continuity & Disaster Recovery

Documented BCP/DR plans; alternate region strategies; dependency mapping.

DR exercises at least annually; lessons-learned remediation tracked.

D.8 Customer Controls & Best Practices

Enforce MFA for your admins; use least-privilege roles; rotate API keys.

Configure IP allowlists and webhooks with signatures.

Set retention windows aligned to your legal requirements.

D.9 AI/Model Safety & Abuse Prevention

Prompt and output filters; jailbreak pattern detection; rate-limit spikes.

Safety escalation to human agents; emergency disclaimers; logging of risky interactions.

No training of general-purpose foundation models on Customer Data without express consent.

APPENDIX E --- SERVICE LEVEL OBJECTIVES (SLO/SLA)

E.1 Availability

Target Uptime: 99.9% monthly for the core SaaS application and APIs.

Downtime Definition: Periods when the API or primary application endpoints return error rates ≥ 5% for at least 5 consecutive minutes, excluding Exclusions (E.4).

Scheduled Maintenance: Typically weekly within a published window; at least 72 hours' notice (emergency maintenance may occur with shorter notice).

E.2 Support & Response Times

Severity Example Initial Workaround Resolution Response Target Target*

Sev 1 -- Complete outage; 1 hour, 4 hours Best efforts, Critical core APIs 24×7 continuous unavailable until resolved

Sev 2 -- Major degradation; 4 business 1 business day 3 business High partial outage hours days

Sev 3 -- Non-critical 1 business day 3 business Next scheduled Medium defect; feature days release malfunction

Sev 4 -- Cosmetic/queries 2 business As planned Future release Low days

*Targets are objectives, not guarantees.

E.3 Service Credits (Exclusive Remedy)

If monthly Uptime falls below target (excluding Exclusions): Uptime in Month | Credit (% of Monthly Fee for affected Service) :--|:-- ≥ 99.0% and < 99.9% | 10% ≥ 98.0% and < 99.0% | 25% < 98.0% | 50% How to Claim: Submit a credit request to [email protected] within 30 days of the end of the affected month including dates/times and incident IDs. Credits apply to future invoices and are capped at 50% of the monthly fee. Credits are the sole and exclusive remedy for uptime shortfalls.

E.4 Exclusions

SLA does not apply to: (a) factors outside UnitVox's reasonable control (force majeure, internet/ISP issues, carrier or cloud provider outages); (b) Customer's or third-party systems, networks, or code; (c) misuse, abuse, or AUP violations; (d) beta/experimental features; (e) scheduled maintenance; (f) emergency maintenance; (g) configuration errors by Customer; (h) telephony/SMS carrier filtering, A2P/10DLC campaign rejections, or changes in carrier policy/law.

E.5 API & Throughput

Rate Limits: As published in developer docs; subject to change for stability. Handle 429 with exponential backoff.

Message Throughput: Subject to carrier/provider constraints and campaign approvals; throughput is not guaranteed.

Data Restoration: Backup restoration targets: RTO/RPO in D.4.

E.6 Maintenance Windows

Standard window: Sundays 02:00--05:00 (America/Chicago) unless otherwise posted.

Emergency maintenance may occur anytime to address critical security or reliability issues.

Revision History

v1.0 --- September 26, 2025--- Initial publication of Appendices A--E.