Network Agreement

DataBillity, Inc. · doing business as Billity AI

Effective date: April 1, 2026 · Last updated: May 9, 2026 · Version 1.3

THIS THIRD-PARTY DATA SHARING NETWORK PARTICIPATION AGREEMENT (“Network Agreement”) is entered into between DataBillity, Inc., doing business as Billity AI (“Billity AI,” “we,” “us,” or “our”), and the Subscriber identified in the applicable Order Form or enrollment confirmation (“Participating Subscriber” or “you”).

This Network Agreement governs the Participating Subscriber’s voluntary participation in the Billity AI Third-Party Data Sharing Network (the “Network”), under which Participating Subscribers may share and receive consented customer data across the Network to enable enhanced marketing, personalized customer experiences, and enriched product and service recommendations.

IMPORTANT: This Network Agreement is a standalone, voluntary addendum to the Billity AI Terms of Service (“ToS”) and is entirely separate from the core Platform subscription. Participation in the Network is optional. Subscribing to the Billity AI Platform does not require participation in the Network, and declining to participate does not affect a Subscriber’s access to or use of any core Platform features. No Subscriber or End Customer may be required, coerced, or incentivized through bundling to participate in the Network as a condition of using the Platform or completing any transaction.

1. Definitions

Capitalized terms used but not defined in this Network Agreement have the meanings assigned to them in the Billity AI Terms of Service and Privacy Policy. The following additional definitions apply:
“Contributed Data” means the specific categories of End Customer data that a Participating Subscriber has elected to share with the Network, as specified in the Participating Subscriber’s Network Enrollment Form and subject to applicable End Customer consent.
“Cross-Network Consent” means the separate, specific, informed, and freely given consent obtained from an End Customer authorizing the sharing of their Personal Data between Participating Subscribers within the Network for the purposes described in this Network Agreement. Cross-Network Consent corresponds to Layer 4 of the consent model described in Section 7.1 of the Privacy Policy.
“Enriched Data” means Contributed Data that has been processed, normalized, enhanced, or supplemented by the Platform’s enrichment engine with consented behavioral signals from other Participating Subscribers within the Network.
“Network” means the Billity AI Third-Party Data Sharing Network, consisting of all Participating Subscribers who have executed this Network Agreement and whose End Customers have provided Cross-Network Consent.
“Network Enrollment Form” means the document (which may be electronic) through which a Subscriber elects to participate in the Network, specifying the categories of data to be contributed, the categories of enrichment data desired, and any restrictions on data sharing.
“Participating Subscriber” means a Subscriber that has executed this Network Agreement and a Network Enrollment Form and whose participation is currently active.
“Receiving Subscriber” means a Participating Subscriber that receives Enriched Data about an End Customer who is common to both the Receiving Subscriber and one or more other Participating Subscribers.

2. Relationship to Other Agreements

2.1 Supplemental Agreement

This Network Agreement supplements, and does not replace, the Billity AI Terms of Service, Privacy Policy, and any applicable Data Processing Agreement (“DPA”). In the event of a conflict between this Network Agreement and the ToS, this Network Agreement shall prevail with respect to matters of cross-network data sharing. In the event of a conflict between this Network Agreement and the Privacy Policy, the Privacy Policy shall prevail with respect to data subject rights and regulatory compliance.

2.2 Standalone Opt-In

This Network Agreement is a standalone, voluntary opt-in. It is not incorporated into the ToS and is not a condition of the Platform subscription. A Subscriber’s decision not to execute this Network Agreement, or to withdraw from the Network at any time, shall have no effect on the Subscriber’s rights under the ToS, including access to all core Platform features: data ingestion, customer profiling, Persona generation, LTV scoring, Billity Bot deployment, analytics, Messaging Services, and single-business consent management.

2.3 No Bundling

Billity AI shall not bundle, tie, or condition any Platform feature, subscription tier, pricing discount, or service entitlement on a Subscriber’s participation in the Network. Similarly, no Participating Subscriber shall condition any End Customer’s ability to complete a transaction, access a service, receive loyalty benefits, or interact with a Billity Bot on that End Customer’s provision of Cross-Network Consent.

3. Enrollment and Activation

3.1 Enrollment Process

To participate in the Network, a Subscriber must:

Execute this Network Agreement.
Complete and submit a Network Enrollment Form specifying: (a) the categories of End Customer data the Participating Subscriber elects to contribute; (b) any restrictions on the types of Participating Subscribers with whom data may be shared (e.g., vertical restrictions, competitor exclusions); (c) the categories of Enriched Data the Participating Subscriber wishes to receive; and (d) the designated Network administrator within the Participating Subscriber’s organization.
Implement the End Customer consent flows required by Section 5 of this Network Agreement.
Have an active, valid Billity AI Platform subscription under the ToS.

3.2 Activation

Network participation becomes active only after: (a) Billity AI has received and accepted the executed Network Agreement and Network Enrollment Form; (b) Billity AI has verified that the Participating Subscriber’s End Customer consent flows meet the requirements of Section 5; and (c) at least one End Customer of the Participating Subscriber has provided valid Cross-Network Consent. Until all three conditions are satisfied, no data will flow across the Network on the Participating Subscriber’s behalf.

3.3 Network Directory

Billity AI will maintain a current list of all Participating Subscribers in the Network (the “Network Directory”). The Network Directory will be accessible to all Participating Subscribers and will be referenced or linked in End Customer consent disclosures so that End Customers can identify the businesses with whom their data may be shared. The Network Directory will be updated within five (5) business days of any Subscriber joining or withdrawing from the Network.

4. Data Sharing Framework

4.1 What Data May Be Shared

The following categories of End Customer data may be shared across the Network, subject to Cross-Network Consent and the Participating Subscriber’s selections in its Network Enrollment Form:

Transaction and billing data: purchase history, payment amounts, frequency, product or service categories, and order identifiers.
Behavioral signals: purchase patterns, product preferences, category affinities, and engagement frequency.
Loyalty data: loyalty program enrollment status, tier, earn/redeem events, and lifetime points (where the loyalty program is integrated with the Platform).
Persona and scoring data: AI-generated Persona assignments, LTV scores, and brand affinity scores.
Mobility data: location visit signals, brand affinity mapping, and before/after visit frequency (where the End Customer has consented to mobility data collection under a separate consent layer).

4.2 What Data Is Never Shared

The following categories of data are excluded from Network sharing under all circumstances and may not be contributed, transmitted, or made available to any other Participating Subscriber through the Network:

Sensitive Personal Data as defined in Section 4.3 of the Privacy Policy, including financial account credentials, government-issued identification numbers, biometric data, health information, and data revealing racial or ethnic origin, religious beliefs, or sexual orientation.
Raw contact information (full name, email address, phone number, mailing address) except to the extent necessary for the Receiving Subscriber to identify a common End Customer within its own existing customer records. Identity resolution is performed by the Platform using tokenized matching; raw PII is not transmitted to the Receiving Subscriber.
SMS opt-in data, text messaging consent records, and mobile subscriber information, consistent with Section 9.3.5 of the ToS.
Data from End Customers who have not provided valid Cross-Network Consent.
Data from End Customers who have withdrawn Cross-Network Consent, effective as of the date of withdrawal.

4.3 Data Flow Architecture

Cross-network data sharing operates through the following architecture, designed to preserve privacy and prevent unauthorized re-identification:

Token-Based Identity Resolution: Billity AI uses token-based pseudonymization to correlate End Customer records across Participating Subscribers. Each Participating Subscriber generates a consistent, one-way token for its End Customers. Billity AI matches tokens across Participating Subscribers to identify common End Customers without transmitting raw PII between Subscribers.
Enrichment Engine Processing: When a common End Customer is identified, the Platform’s enrichment engine aggregates and normalizes the Contributed Data from all Participating Subscribers holding valid Cross-Network Consent for that End Customer. The Enriched Data is then made available to each Receiving Subscriber in the form of enhanced profile attributes, Persona refinements, and enriched recommendation signals.
No Direct Subscriber-to-Subscriber Transfer: Contributed Data is never transmitted directly from one Participating Subscriber to another. All data flows through the Platform’s enrichment engine, which acts as a trusted intermediary. Each Receiving Subscriber receives only the enriched output relevant to its own End Customers, not the raw Contributed Data of other Participating Subscribers.
Consent Gate Enforcement: The cross-network consent gate described in Section 9.2 of the Privacy Policy is enforced at the data query layer, not merely at the application layer. A nightly audit confirms gate integrity. Zero cross-network data is shared for non-consented profiles.

4.4 Permitted Uses of Enriched Data

A Receiving Subscriber may use Enriched Data solely for the following purposes:

Enhancing the Receiving Subscriber’s own customer profiles with additional behavioral signals and affinity data for End Customers who are common to the Receiving Subscriber and other Participating Subscribers.
Powering personalized product and service recommendations, offers, and engagement scripts delivered through Billity Bots and other Platform Channels.
Improving customer segmentation, Persona accuracy, and LTV scoring for the Receiving Subscriber’s own business analytics.
Generating look-alike audiences for the Receiving Subscriber’s own marketing campaigns (where supported by the Platform).

4.5 Prohibited Uses of Enriched Data

A Receiving Subscriber shall not:

Use Enriched Data to contact, solicit, or market to End Customers who are not already customers of the Receiving Subscriber, unless the End Customer has separately consented to receiving communications from the Receiving Subscriber.
Attempt to re-identify, reverse-engineer, or de-anonymize any tokenized or pseudonymized data received through the Network.
Export, download, copy, or transfer Enriched Data outside the Platform, except in aggregated, anonymized, or de-identified form that does not constitute Personal Data.
Share, resell, sublicense, or disclose Enriched Data to any third party outside the Network.
Use Enriched Data for any purpose not described in Section 4.4 or otherwise authorized in writing by Billity AI.
Use Enriched Data in a manner that is discriminatory, predatory, or that targets vulnerable consumers.

5. End Customer Consent Requirements

5.1 Consent Independence

Cross-Network Consent must be obtained separately from, and independently of, all other consent layers described in the Privacy Policy. Specifically:

Cross-Network Consent must not be bundled with consent for transaction completion (Layer 1), sharing with Billity AI for analytics (Layer 2), or Persona creation (Layer 3).
Cross-Network Consent must not be a condition of completing any transaction, accessing any product or service, enrolling in any loyalty program, or using any Billity Bot.
Cross-Network Consent must be obtained through a separate, clearly distinguished opt-in mechanism that requires an affirmative action by the End Customer. Pre-checked boxes, implied consent, and opt-out mechanisms do not satisfy the requirements for Cross-Network Consent under any jurisdiction.

5.2 Consent Disclosure Requirements

The consent disclosure presented to the End Customer at the point of Cross-Network Consent collection must include, at minimum, the following elements in clear, plain language:

Identity of parties: The name of the Participating Subscriber collecting consent, and a statement that data may be shared with other businesses participating in the Billity AI Network.
Network Directory reference: A link to or reference to the current Network Directory (the list of all Participating Subscribers), so the End Customer can identify the specific businesses with whom data may be shared.
Categories of data shared: A clear description of the categories of data that will be shared (e.g., purchase history, product preferences, loyalty data, mobility data).
Purposes of sharing: A clear statement of the purposes for which data will be shared (e.g., “to provide you with personalized product recommendations, offers, and loyalty benefits across participating businesses”).
Right to decline: A clear statement that participation is entirely optional and that declining will not affect the End Customer’s ability to make purchases, access services, use loyalty benefits, or interact with the Subscriber’s Billity Bot.
Right to withdraw: Clear instructions on how to withdraw Cross-Network Consent at any time, including at least two methods (e.g., contacting the Subscriber directly, contacting Billity AI at privacy@billity.ai, or using a self-service portal).
Privacy Policy reference: A link to the Billity AI Privacy Policy.

Manage your cross-network consent preferences →

5.3 Jurisdictional Requirements

5.3.1 United States (CCPA/CPRA)
Cross-network data sharing constitutes “sharing” of Personal Data for cross-context behavioral advertising purposes under the CCPA/CPRA. End Customers who are California residents must be provided with a “Do Not Share My Personal Information” link or equivalent opt-out mechanism, and the sharing must be disclosed in the Subscriber’s CCPA Notice at Collection. Billity AI does not “sell” Personal Data as defined under the CCPA/CPRA, but cross-network sharing may constitute “sharing” under the statute and must be treated accordingly.
5.3.2 Canada (PIPEDA and Québec Act)
Under PIPEDA, Cross-Network Consent must constitute “meaningful consent” as defined by the Office of the Privacy Commissioner’s seven-principle standard. Consent must be: (a) informed, with all relevant information provided at or before the time of collection; (b) specific to the purpose of cross-network sharing; (c) not implied through passive agreement or failure to opt out; and (d) obtained in a manner appropriate to the sensitivity of the data. Under the Québec Act, express consent is required for all cross-network sharing. Implied consent and opt-out mechanisms are not sufficient. A Privacy Impact Assessment (“PIA”) must be conducted for new cross-network use cases involving Québec End Customers.
5.3.3 GDPR-Aligned Principles
Consistent with the Privacy Policy’s incorporation of GDPR principles as a best-practice framework, Cross-Network Consent should satisfy the GDPR standard for consent: freely given, specific, informed, and unambiguous, given by a clear affirmative action. Consent must not be conditioned on unrelated services. If Billity AI expands operations to the EU/EEA, a Data Protection Impact Assessment (“DPIA”) will be conducted for cross-network data flows involving EU data subjects.

5.4 Consent Records

Cross-Network Consent events (grant, modification, withdrawal) are recorded in the Platform’s immutable consent audit trail as described in Section 7.2 of the Privacy Policy. Each consent record captures: (a) the identity of the End Customer; (b) the identity of the Participating Subscriber that collected consent; (c) the specific consent language presented; (d) the date, time, channel, and IP address of the consent event; and (e) the consent status (active, modified, withdrawn). Consent records are exportable per customer on demand and support regulatory inquiry response within seventy-two (72) hours.

5.5 Subscriber Responsibility for Consent

The Participating Subscriber is solely responsible for obtaining valid Cross-Network Consent from its End Customers in accordance with this Section 5 and applicable law. Billity AI provides the consent management infrastructure (consent capture flows, audit trail, withdrawal propagation), but does not control the Subscriber’s customer-facing consent experience. Billity AI may, at its discretion, review Participating Subscriber consent disclosures for compliance and may require modifications before activating Network participation.

6. Consent Withdrawal and Data Deletion

6.1 End Customer Withdrawal

An End Customer may withdraw Cross-Network Consent at any time through any of the following mechanisms:

Contacting the Participating Subscriber that originally collected consent.
Contacting Billity AI directly at privacy@billity.ai.
Using a self-service consent management portal, if made available by the Participating Subscriber or by Billity AI.

End customers may submit withdrawal requests via the Billity Privacy Center (canonical consumer entry): Billity Privacy Center →

(Product routing — May 2026: /manage-consent is the single promoted consumer URL for cross-tenant privacy management (email OTP and Billity-wide preference surfaces); legacy /privacy 302s there. The legacy bare /consent path redirects (302) to /manage-consent; subscriber-scoped magic-link preference management remains on /consent/manage and related paths after verification, consistent with the Network Agreement’s distinction between Participating Subscriber-collected consent and Billity-hosted infrastructure.)

6.2 Withdrawal Propagation

Upon receipt of a valid withdrawal request:

Billity AI will cease cross-network processing of that End Customer’s Personal Data within one (1) hour of receiving the withdrawal notification.
A cascade notification will be sent to all Participating Subscribers who have received Enriched Data about the withdrawing End Customer, within twenty-four (24) hours.
Enriched Data derived from the withdrawing End Customer’s Contributed Data will be removed from all Receiving Subscriber profiles within twenty-four (24) hours.
Anonymized data and Personas derived from the End Customer’s data prior to withdrawal may continue to be used, as they do not constitute Personal Data, consistent with Section 7.4 of the Privacy Policy.
An audit trail entry recording the withdrawal and propagation confirmation will be generated automatically.
Withdrawal of Cross-Network Consent does not affect the End Customer’s consent for other processing layers (Layers 1–3 and Layer 5 in the Privacy Policy). The End Customer’s relationship with the Participating Subscriber and access to non-network Platform features are unaffected.

6.3 Subscriber Withdrawal from the Network

A Participating Subscriber may withdraw from the Network at any time by providing thirty (30) days’ written notice to Billity AI. Upon withdrawal:

The Participating Subscriber’s Contributed Data will cease to be shared with other Participating Subscribers within twenty-four (24) hours of the effective withdrawal date.
Enriched Data that the withdrawing Subscriber previously received from the Network will be purged from the withdrawing Subscriber’s profile enrichments within thirty (30) days.
The withdrawing Subscriber will be removed from the Network Directory within five (5) business days.
The withdrawing Subscriber’s core Platform subscription under the ToS remains unaffected.
Anonymized data and Personas derived prior to withdrawal may continue to be used by Billity AI and other Participating Subscribers.

7. Data Governance and Security

7.1 Data Minimization

Billity AI shares across the Network only the minimum data necessary to achieve the enrichment and personalization purposes described in Section 4.4. Field-level mapping, configured at enrollment, enforces minimization at the source. Participating Subscribers shall not contribute data categories beyond those specified in their Network Enrollment Form.

7.2 Pseudonymization

All cross-network data transfers employ token-based pseudonymization as described in Section 4.3 of this Network Agreement and Section 9.3 of the Privacy Policy. Billity AI does not possess the key or supplementary information necessary to re-identify a data subject from the tokens alone. Each Participating Subscriber generates a consistent token for its End Customers, enabling Billity AI to correlate records without accessing identifiable information. When enrichment results are returned to a Receiving Subscriber, only that Subscriber can re-identify the data using its own key.

7.3 Data Isolation

The Platform enforces strict data isolation between Participating Subscribers at the query layer. A Receiving Subscriber can query enrichment data only for End Customers who: (a) are the Receiving Subscriber’s own customers; (b) have active Cross-Network Consent; and (c) are common to at least one other Participating Subscriber. A Receiving Subscriber cannot browse, search, or access the customer records of any other Participating Subscriber.

7.4 Security Controls

All cross-network data flows are subject to the security controls described in Section 14 of the Privacy Policy and Section 6.4 of the Terms of Service, including AES-256 encryption at rest, TLS 1.3 encryption in transit, role-based access controls, and immutable audit logging. Billity AI will conduct annual third-party penetration testing of the cross-network data infrastructure and will remediate critical findings within thirty (30) days.

7.5 Audit Rights

Each Participating Subscriber shall have the right, upon thirty (30) days’ written notice and no more than once per calendar year, to audit Billity AI’s compliance with the data governance, security, and consent management obligations set forth in this Network Agreement. Audits shall be conducted during normal business hours, at the auditing Subscriber’s expense, and subject to reasonable confidentiality restrictions.

7.6 AI Governance for Cross-Network Enrichment

The Platform’s cross-network enrichment engine uses AI models to correlate, normalize, and enhance Contributed Data across Participating Subscribers. The following AI governance principles apply to all AI-powered processing of Network data:

Training Data Isolation: Contributed Data and Enriched Data will not be used to train or fine-tune general-purpose AI models. AI models used in the enrichment engine are trained on anonymized and aggregated data that does not constitute Personal Data, unless a Participating Subscriber has provided explicit written consent for its data to be used in model training.
Bias and Fairness: AI models used in cross-network Persona generation, brand affinity scoring, and look-alike modeling are subject to the bias and fairness auditing obligations described in Section 7.6 of the ToS. Billity AI will not use cross-network enrichment to generate outputs that discriminate against End Customers on the basis of protected characteristics.
Transparency: Participating Subscribers may request a non-technical explanation of how the enrichment engine generates Enriched Data, including the categories of data used, the types of behavioral signals correlated, and the logic underlying Persona refinements and affinity scores.
Prohibited Enrichment Uses: Enriched Data generated through the Network shall not be used for any purpose listed in Section 7.8 (Prohibited AI Uses) of the ToS, including unlawful discrimination, deceptive manipulation, or covert behavioral scoring.
Subscriber AI Model Integration: Where a Participating Subscriber integrates its own AI models with the Platform and those models process Enriched Data received from the Network, the Participating Subscriber is solely responsible for the outputs of those models and must comply with the Subscriber AI Model obligations described in Section 7.7 of the ToS. Enriched Data shall not be used to train Subscriber AI Models for purposes outside the permitted uses described in Section 4.4 of this Network Agreement.

8. Participating Subscriber Obligations

Each Participating Subscriber represents, warrants, and agrees to the following:

Obtain valid Cross-Network Consent from each End Customer whose data is contributed to the Network, in accordance with Section 5, before any data is shared.
Maintain consent disclosures that accurately describe the current Network participants, categories of shared data, purposes of sharing, and the End Customer’s right to decline or withdraw. Update disclosures within five (5) business days of any material change.
Promptly notify Billity AI when an End Customer withdraws Cross-Network Consent, and cease contributing that End Customer’s data to the Network.
Use Enriched Data only for the permitted purposes described in Section 4.4 and comply with all prohibited use restrictions in Section 4.5.
Not attempt to re-identify, de-anonymize, or reverse-engineer any pseudonymized or tokenized data received from the Network.
Comply with all applicable data protection laws in connection with cross-network data sharing, including the CCPA/CPRA, PIPEDA, Québec Act, and GDPR (where applicable).
Respond to End Customer data subject rights requests (access, correction, deletion, portability, opt-out) in accordance with Section 11 of the Privacy Policy and applicable law, including requests related to cross-network data.
Cooperate with Billity AI and other Participating Subscribers in responding to regulatory inquiries, data subject requests, and data breach investigations related to Network data.
Notify Billity AI immediately of any data breach or security incident that may affect Contributed Data or Enriched Data.

9. Billity AI Obligations

Billity AI represents, warrants, and agrees to the following:

Operate the Network in accordance with the data governance, security, and consent management standards described in this Network Agreement and the Privacy Policy.
Enforce the cross-network consent gate at the data query layer, not merely at the application layer, and conduct nightly audits to confirm gate integrity.
Process Cross-Network Consent withdrawals within the timeframes specified in Section 6.2.
Maintain the Network Directory and make it available for End Customer consent disclosures.
Not share, sell, rent, or license Contributed Data or Enriched Data to any party outside the Network, except in anonymized or de-identified form that does not constitute Personal Data.
Provide Participating Subscribers with reasonable assistance in responding to data subject rights requests and regulatory inquiries related to cross-network data.
Notify Participating Subscribers of any data breach or security incident affecting Network data in accordance with Section 6.5 of the ToS.
Conduct annual Privacy Impact Assessments on cross-network data sharing activities and make summary findings available to Participating Subscribers upon request.

10. Network Fees

Network participation may be subject to additional fees beyond the core Platform subscription, as specified in the applicable Network Enrollment Form or Order Form. Fee structures may include:

A monthly Network participation fee.
A revenue-share or performance-based fee calculated as a percentage of incremental revenue attributable to cross-network enrichment.
Premium enrichment fees for advanced look-alike modeling, custom Persona models, or DOOH activation powered by Network data.
Network fees are separate from and in addition to Platform subscription fees, API fees, and Messaging Services fees described in Section 10 of the ToS. Billity AI will provide at least sixty (60) days’ advance notice of any changes to Network fee structures.

11. Term and Termination

11.1 Term

This Network Agreement is effective as of the date it is executed by the Participating Subscriber and continues until terminated in accordance with this Section 11 or until the Participating Subscriber’s underlying Platform subscription under the ToS expires or terminates, whichever occurs first.

11.2 Termination for Convenience

Either party may terminate this Network Agreement for convenience by providing thirty (30) days’ written notice to the other party. Termination of this Network Agreement does not terminate the Participating Subscriber’s Platform subscription under the ToS.

11.3 Termination for Cause

Either party may terminate this Network Agreement immediately upon written notice if the other party: (a) materially breaches this Network Agreement and fails to cure such breach within fifteen (15) days after receiving written notice; or (b) uses or discloses Contributed Data or Enriched Data in violation of Section 4.5 (Prohibited Uses) or Section 5 (Consent Requirements).

11.4 Effect of Termination

Upon termination of this Network Agreement, the consequences described in Section 6.3 (Subscriber Withdrawal) shall apply. All rights and obligations that by their nature should survive termination shall survive, including Sections 4.5 (Prohibited Uses), 5.4 (Consent Records), 7 (Data Governance), 12 (Limitation of Liability), and 13 (Indemnification).

12. Limitation of Liability

The limitations of liability set forth in Section 15 of the ToS apply to this Network Agreement. In addition:

Billity AI shall not be liable for any losses, damages, or claims arising from a Participating Subscriber’s failure to obtain valid Cross-Network Consent, misuse of Enriched Data, or violation of applicable data protection laws in connection with Network participation.
Billity AI shall not be liable for the accuracy, completeness, or suitability of Contributed Data provided by other Participating Subscribers, or for any business decisions made in reliance on Enriched Data.
Billity AI’s total liability under this Network Agreement, whether arising in contract, tort, or otherwise, shall not exceed the total Network fees paid by the Participating Subscriber during the twelve (12) months immediately preceding the event giving rise to liability.

13. Indemnification

In addition to the indemnification obligations set forth in Section 16 of the ToS, the Participating Subscriber shall defend, indemnify, and hold harmless Billity AI and its officers, directors, employees, agents, and other Participating Subscribers from and against any third-party claim, regulatory action, or proceeding arising from or related to:

The Participating Subscriber’s failure to obtain valid Cross-Network Consent from its End Customers.
The Participating Subscriber’s use of Enriched Data in violation of Section 4.4, Section 4.5, or applicable law.
Any data breach or security incident caused by or attributable to the Participating Subscriber’s systems or personnel affecting Contributed Data or Enriched Data.
Any End Customer complaint, data subject rights request, or regulatory inquiry arising from the Participating Subscriber’s cross-network data sharing practices.

14. Dispute Resolution

Disputes arising under or relating to this Network Agreement shall be resolved in accordance with the dispute resolution provisions set forth in Section 17 of the ToS (Governing Law: State of Delaware; binding arbitration administered by the AAA under its Commercial Arbitration Rules in Seattle, Washington, USA).

15. General Provisions

15.1 Entire Agreement

This Network Agreement, together with the ToS, Privacy Policy, DPA, and applicable Network Enrollment Form, constitutes the entire agreement between the parties with respect to cross-network data sharing. In the event of a conflict between this Network Agreement and the ToS, this Network Agreement prevails for cross-network matters. In the event of a conflict with the Privacy Policy, the Privacy Policy prevails for data subject rights and regulatory compliance.

15.2 Amendment

Billity AI may amend this Network Agreement with sixty (60) days’ advance written notice to all Participating Subscribers. Material amendments (including changes to data categories, consent requirements, or permitted uses) require the Participating Subscriber’s affirmative written acceptance. If a Participating Subscriber does not accept a material amendment, it may terminate this Network Agreement without penalty.

15.3 Severability

If any provision of this Network Agreement is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.

15.4 No Third-Party Beneficiaries

Except for End Customers’ rights to withdraw consent and exercise data subject rights as described in Sections 5 and 6, this Network Agreement does not confer any rights on any third party.

15.5 Notices

All notices under this Network Agreement shall be in writing and delivered by email to the designated Network administrator on file (for notices to the Participating Subscriber) or to legal@billity.ai (for notices to Billity AI).

16. Contact Information

For questions about this Network Agreement or the Billity AI Third-Party Data Sharing Network, please contact:

DataBillity, Inc. d/b/a Billity AI
Attn: Data Protection Officer
Email: privacy@billity.ai
Phone: 206-657-6752
Web: www.billity.ai

The designated Privacy Officer and Data Protection Officer for Billity AI, including for End Customer and Participating Subscriber privacy inquiries that relate to cross-network consent or withdrawal, are identified by name in Section 16 of the Billity AI Privacy Policy (Version 2.3 as of May 9, 2026, subject to future updates posted at billity.ai/legal/privacy-policy).

SIGNATURES

DATABILLITY, INC. d/b/a BILLITY AI

Signature: ________________________________
Name: Bryan Guy, J.D.
Title: CEO & Co-Founder
Date: ________________________________

PARTICIPATING SUBSCRIBER

Company Name: ________________________________
Signature: ________________________________
Name: ________________________________
Title: ________________________________
Date: ________________________________