URL: https://www.productpathpro.com/terms-of-use Effective date: 5 September 2025 Entity: PE Artem Syzonenko (trading as ProductPathPro) Address: 149/100 Kalynova Str., Dnipro, Ukraine Contact: [email protected] Websites/Service: productpathpro.com and associated products, scripts, and dashboards (the “Service”). 1) Acceptance and eligibility By creating an account, installing our script, or using the Service, you agree to these Terms. If you use the Service on behalf of a company, you represent you have authority to bind that company. Eligibility; export control and sanctions. You may not access or use the Service if you (a) are located in, organized under the laws of, or ordinarily resident in Iran, Russia, or Belarus or any jurisdiction subject to comprehensive sanctions (the “Restricted Territories”); (b) are a Sanctioned Person (listed on EU, UK, U.S., UN, or Ukraine sanctions lists); or (c) will use the Service for or on behalf of any of the foregoing. You represent and warrant that you are not prohibited from receiving the Service and will not permit access by Restricted Parties. We may suspend or terminate the Service immediately where required for sanctions/export-control compliance. 2) The service ProductPathPro provides session/screen recording and analytics for websites and web apps via a JavaScript snippet and a hosted dashboard. Intended for professional use; both organizations and individuals may access it. We may improve or change features from time to time. 3) Customer data, roles, and privacy Ownership. You own your Customer Data (recordings, events, metadata). Roles. For personal data within Customer Data, you are the controller and ProductPathPro is processor. DPA & transfers. The ProductPathPro DPA at https://www.productpathpro.com/dpa (incorporating EU SCCs Module 2 and the UK Addendum, where applicable) is incorporated by reference and governs our processing and international transfers. For California personal information, ProductPathPro acts as a service provider. Privacy policy. See https://www.productpathpro.com/privacy . You must provide your own privacy notices and obtain all required end-user consents. 4) Subprocessors and data location Core providers: Linode (US hosting/compute), Cloudflare (global proxy/CDN), Postmark (transactional email). We will give 30 days’ notice before adding a materially new subprocessor. If you reasonably object, you may terminate the affected Service before the change takes effect. 5) Customer responsibilities (critical) You are solely responsible for: Notices and consents. Providing notice to, and obtaining any required consent from, your end users before recording; honoring opt-outs; and maintaining a lawful basis for processing under applicable laws (e.g., GDPR, ePrivacy, CCPA/CPRA, COPPA). Configuration & masking. Correctly configuring capture rules, masking/suppression, URL/page exclusions, IP filtering, and any other privacy settings; not using the Service to capture content you are not permitted to process. Prohibited/sensitive data. Do not intentionally collect: special-category data (e.g., health/PHI, biometric templates, sexual orientation, political/religious beliefs, trade-union membership); government IDs; financial/PCI data; passwords or authentication secrets; precise geolocation of minors; or children’s data without verifiable consent and full legal compliance. Children/minors. The Service is not intended to record users known to be children. You will not use it to record children under 16 (or higher local minimum) unless you have verified parental consent and meet all legal requirements; for the U.S., you must comply with COPPA for users under 13. Sanctions compliance. You will not provision accounts or allow access to the Service from Iran, Russia, or Belarus, or by any Sanctioned Person, and will implement reasonable measures (e.g., IP/geo restrictions, access controls) to prevent such use. You agree to indemnify, defend, and hold harmless ProductPathPro, its owner, and personnel from any claim, loss, or cost (including reasonable legal fees) arising from (a) your Customer Data; (b) your failure to obtain required consents or provide notices; (c) your breach of these Terms or law; (d) your misuse or misconfiguration of the Service; or (e) your breach of Section 1 (sanctions). 6) Security and incidents We implement reasonable technical and organizational measures (TLS in transit; access controls/least privilege; logging/monitoring; vulnerability management). If a security incident affects Customer Data, we will notify you within 72 hours of becoming aware and share available details. 7) Data retention and deletion Default retention: 30 days for raw recordings/events and 30 days for derived analytics; deletion scheduled thereafter. Backups follow standard cycles. No self-service export is currently available. 8) Service levels and support Best-effort availability; no service-credit SLA. Support via [email protected] during business hours (Europe/Kyiv). 9) Fees, credits, taxes, and refunds Free through 1 November 2025. Afterwards, a free trial of 10 credits may be offered. Usage-based model. Access thereafter is prepaid via credits (e.g., “active minutes”). When credits are exhausted, the Service pauses until you top up; you may add funds at any time. No refunds. Payments are non-refundable to the extent permitted by law, including where suspended/terminated for sanctions/export-control reasons. Taxes. Prices exclude taxes. We do not charge VAT; you are responsible for applicable taxes, duties, or withholdings. Chargebacks/fraud. We may suspend upon chargeback or suspected fraud pending resolution. 10) Acceptable use No unlawful surveillance, rights violations, disruption, scraping, benchmarking publication without consent, reverse engineering (except as allowed by law), reselling, or credential sharing. 11) Intellectual property; license; publicity We own the Service and IP. We grant you a limited, revocable, non-exclusive, non-transferable license to use the Service per these Terms. Feedback may be used by us without restriction. Publicity: we may identify you (name/logo) as a customer; opt out any time via email. 12) Changes, maintenance, and deprecation We may modify features, perform maintenance, or deprecate components. We will avoid materially degrading core functionality without notice and announce deprecations with a reasonable runway when feasible. We may update these Terms with 30 days’ notice; continued use after the effective date constitutes acceptance. 13) Term, termination, and suspension Term begins on first use and renews month-to-month. Either party may terminate for convenience with 30 days’ notice. We may suspend or terminate immediately for breach, security risk, legal compliance, sanctions/export-control reasons, non-payment/chargeback, or unlawful use. Upon termination, access ceases and data is deleted per Section 7. 14) Warranties and disclaimers The Service is provided “as is” and “as available” without warranties (express, implied, or statutory), including merchantability, fitness for purpose, non-infringement, or uninterrupted/error-free operation. Masking depends on your configuration and cannot guarantee total redaction under all circumstances. 15) Limitation of liability To the maximum extent permitted by law: No indirect damages. We are not liable for indirect, incidental, consequential, special, punitive, or exemplary damages, or for lost profits, revenues, goodwill, or data. Cap. Our total aggregate liability in any 12-month period is limited to fees you paid in the preceding six (6) months for the portion of the Service giving rise to the claim; if you paid no fees in that period, our liability is USD 0. Nothing in these Terms limits liability that cannot be limited under applicable law. 16) Governing law and venue These Terms are governed by Ukrainian law. The courts of Dnipro, Ukraine have exclusive jurisdiction. 17) Notices We may notify you via email or within the Service. You will send legal notices to [email protected] with subject “Legal Notice.” 18) Assignment You may not assign without our prior written consent. We may assign in connection with a reorganization, merger, or sale, with notice to you. 19) Force majeure No liability for delays/failures caused by events beyond reasonable control (including network/hosting failures, DDoS, war, government actions, strikes, natural disasters). 20) Entire agreement; severability; waiver These Terms, the DPA, and the Privacy Policy constitute the entire agreement. If any provision is unenforceable, it will be modified to the minimum extent necessary; the remainder stays in effect. No waiver is effective unless in writing. Linked policies: Terms of Use: https://www.productpathpro.com/terms‒of‒use Privacy Policy (includes cookies): https://www.productpathpro.com/privacy DPA (with SCCs & UK Addendum): https://www.productpathpro.com/dpa