SERVICES AGREEMENT

THIS SERVICES AGREEMENT (“TERMS” OR “AGREEMENT”) GOVERNS ACCESS TO AND USE OF THE SERVICES PROVIDED BY GOODIE AI INC. (“GOODIE”, “WE”, “US”, OR “OUR”) THROUGH THE SOFTWARE-AS-A-SERVICE PLATFORM AVAILABLE AT https://www.higoodie.com AND ARE ENTERED INTO BY THE ENTITY ON BEHALF OF WHICH THIS AGREEMENT IS ACCEPTED, OR IF THAT DOES NOT APPLY, THE INDIVIDUAL ACCEPTING THESE TERMS (“CUSTOMER”, “YOU”, OR “YOUR”).

IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF YOUR EMPLOYER OR ANOTHER ENTITY, YOU AGREE THAT: (I) YOU HAVE FULL LEGAL AUTHORITY TO BIND YOUR EMPLOYER OR SUCH ENTITY TO THESE TERMS, AND (II) YOU AGREE TO THESE TERMS ON BEHALF OF YOUR EMPLOYER OR SUCH ENTITY.  IF YOU ARE ACCEPTING THESE TERMS USING AN EMAIL ADDRESS FROM YOUR EMPLOYER OR ANOTHER ENTITY, THEN: (I) YOU WILL BE DEEMED TO REPRESENT THAT PARTY, (II) YOUR ACCEPTANCE OF THESE TERMS WILL BIND YOUR EMPLOYER OR THAT ENTITY TO THESE TERMS, AND (III) THE WORD “YOU” OR “CUSTOMER” IN THESE TERMS WILL REFER TO YOUR EMPLOYER OR THAT ENTITY.  

THESE TERMS, TOGETHER WITH ANY ORDER FORMS (AS DEFINED BELOW) AND POLICIES REFERENCED HEREIN (COLLECTIVELY, THE “AGREEMENT”), CONSTITUTE A LEGALLY BINDING CONTRACT BETWEEN YOU AND GOODIE.  IN THE EVENT OF A CONFLICT, THESE TERMS SHALL CONTROL.

BY CLICKING “AGREE” (OR A SIMILAR BUTTON OR CHECK BOX) THAT IS PRESENTED TO YOU AT THE TIME OF CREATING AN ACCOUNT, PLACING AN ORDER, ACCESSING OR USING THE SERVICES (AS DEFINED BELOW), OR OTHERWISE AFFIRMATIVELY INDICATING YOUR ACCEPTANCE OF THESE TERMS, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, YOU MAY NOT ACCESS OR USE THE SERVICES.

1. Definitions

“Customer Data” means all data, content, topics, prompts, configurations, or materials input by Customer through the Services.

“Generated Content” means textual, visual, or multimedia content created by the Services’ artificial intelligence features, including without limitation, content from Goodie’s AEO Content Writer and agentic optimization features, product descriptions, prompts, metadata, and suggested edits, and suggested responses.

“Order Form” means the ordering document, including any pricing plan selection, checkout page, or similar document or interface entered into by Customer and Goodie that references these Terms that is agreed to by both Parties. 

“Order” means a subscription to Services purchased through an Order Form. Each Order will identify the Services to which Customer is subscribing and the applicable time period.

“Output” means all results, information, and materials produced by the Services in response to Customer’s use or inputs, including without limitation Generated Content, data analyses, reports, analytics, recommendations, or other informational results.

“Platform” means Goodie’s proprietary software as a service platform and technology available at https://www.higoodie.com, and any modifications, updates, or upgrades of the same.

“Privacy Policy” means Goodie’s privacy policy at  https://www.higoodie.com/privacy-policy. 

“Services” means Goodie’s provision of the Platform and, to the extent applicable, any ancillary support.

Personal Data has the meaning set forth in Article 4(1) of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), and means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. For clarity, this includes information that can reasonably be linked, directly or indirectly, to a specific individual, such as names, email addresses, IP addresses, device identifiers, user-account credentials, analytics identifiers, and any other data defined as “personal data,” “personal information,” or similar under applicable data-protection laws.

“Telemetry” means information, technical logs, data, metrics, and learnings generated from or related to Customer’s and Users’ use of the Services, such as feature usage, click-throughs, and dwell times, which information does not identify Users, Customer, or any natural human persons as the source thereof. Goodie may use and exploit Telemetry without restriction.

“Third-Party Information” means any content, data, or information not originating from your Users, but from external, public, or internet-based sources, excluding licensed content from third parties within the scope of “Goodie Materials” (defined below).

“User” means any employee, contractor, or agent authorized by Customer to access and use the Services under Customer’s account.

2. Access and Use of Services

2.1 Account Access

During the subscription term, and subject to compliance with these Terms including payment, Goodie grants you a limited, non-exclusive, non-transferable right to access and use the Services solely for your internal business purposes. 

2.2 Users

You are responsible for all activities conducted by your Users and must ensure that each User complies with these Terms, including maintaining the confidentiality of login credentials. You must promptly notify Goodie if you become aware of any unauthorized access to any User login credentials or other unauthorized access to or use of the Services.

2.3 Account Credentials, Acceptable Use, and Legal Compliance

Usernames and Passwords. As part of the registration process, Customer will identify an administrative username and password for Customer’s account.  Customer is responsible for maintaining the confidentiality of its credentials and for all activities occurring under its account. Goodie reserves the right to refuse or remove usernames that are offensive, misleading, infringe third-party rights, or otherwise violate this Agreement. Goodie may refuse or revoke usernames or passwords that: (a) are easily guessable or fail to meet Goodie’s security standards; (b) are offensive, unlawful, or discriminatory; or (c) misrepresent an association with another entity or infringe third-party rights. Goodie may also require password changes to protect the security of the Services.
Acceptable Use. You may use Services only for lawful purposes and in accordance with these Terms. You agree not to:
  • License, sublicense, sell, resell, rent, or otherwise commercially exploit the Services.
  • Make the Services available to any third party.
  • Reverse engineer, decompile, or access source code, except as permitted by law (and then only with notice to Goodie).
  • Compromise, circumvent, or interfere with the integrity, security or performance of the Services, including by attempting to gain unauthorized access to, damage, disrupt, or interfere with any part of the Services, any data contained therein, or any server, computer, or database connected to the Services.
  • Input, upload, or introduce any content, code, or material that is unlawful, malicious, or technologically harmful, including viruses, trojan horses, worms, logic bombs, prompt-based manipulation techniques, or similar harmful components.
  • Use any robot, spider, or other automatic device, process, or means to access the Services for any purpose, including monitoring or copying any of the material on the Services.
  • Use any manual process to monitor or copy any of the material on the Services or for any other unauthorized purpose without our prior written consent.
  • Use any device, software, or routine that interferes with the proper working of the Services.
  • Attack the Services via a denial-of-service attack or a distributed denial-of-service attack.
  • Take any action that may damage or falsify Company rating.
  • Otherwise attempt to interfere with the proper working of the Services.
  • Further, you agree not to use the Services:
    • To build or support products that compete with Goodie or monitor the availability, functionality, or performance of the Services for any competitive purpose, including using the Services to develop or fine-tune competing foundation models;
    • In violation of any applicable national or international laws or regulations (e.g. GDPR, CCPA, FTC, state consumer privacy, and sector-specific), export controls, or third party’s rights.
    • For the purpose of exploiting, harming, or attempting to exploit or harm minors in any way by exposing them to inappropriate content or otherwise.
    • To transmit, or procure the sending of, any advertising or promotional material, including any “junk mail”, “chain letter,” “spam,” or any other similar solicitation.
    • To impersonate or attempt to impersonate Company, a Company employee, another user, or any other person or entity.
    • In any way that infringes upon the rights of others, or in any way is illegal, threatening, fraudulent, or harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity.
    • To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of Service, or which, as determined by us, may harm or offend Company or users of the Services or expose them to liability.
    • In any manner that could disable, overburden, damage, or impair the Services or interfere with any other party’s use of Service, including their ability to engage in real time activities through Service.
    • In connection with any prohibited or high-risk use case as defined by the EU AI Act, including but not limited to: (a) biometric categorization based on sensitive attributes; (b) social scoring; (c) real-time remote biometric identification for law enforcement; or (d) deployment of the Services in any domain regulated as a “high-risk AI system” under Annex III of the EU AI Act, unless expressly authorized in writing by Goodie and subject to a separate agreement that satisfies applicable legal requirements.
Compliance Responsibility. Customer is solely responsible for ensuring its use of the Services complies with the EU AI Act and other applicable laws. Goodie makes no representation that the Services are certified or suitable for use as a “high-risk AI system” under the EU AI Act. Customer must not use the Services in a regulated context without entering into an applicable agreement with Goodie to address those obligations. Customer acknowledges AI regulations are evolving globally and is responsible for compliance with applicable AI laws in all jurisdictions, including emerging U.S. federal and state AI regulations, Canada's proposed AIDA, and sector-specific AI requirements.

Algorithmic Bias Management. Customer acknowledges that AI Services may exhibit bias or produce discriminatory outcomes. Customer agrees to: (a) implement appropriate testing and monitoring for bias in Outputs that affect individuals; (b) provide human oversight for automated decisions that significantly impact individuals; (c) conduct regular fairness assessments appropriate to Customer's use case; and (d) not use AI Services for decisions involving protected characteristics without implementing bias mitigation measures. Goodie will implement commercially reasonable bias detection measures but makes no warranty that AI Services will be free from bias or suitable for all populations.

AI Safety and Response. Customer must promptly notify Goodie of any AI safety incidents, including: (a) Outputs that cause harm to individuals; (b) evidence of systematic bias or discrimination in Outputs; (c) Generated Content that violates laws or platform policies; (d) security incidents involving AI model manipulation or adversarial attacks; or (e) regulatory inquiries related to AI use. Goodie reserves the right to suspend the Services pending investigation of safety incidents and may implement additional safety measures as necessary.

No High-Risk Logging. Unless expressly agreed in writing, the Services are not designed to maintain logs or technical documentation required for high-risk AI systems under the EU AI Act.

HIPAA. Unless expressly agreed to in writing, Customer agrees not to use the Services to transmit or otherwise process Protected Health Information (“PHI”) under HIPAA.

Consumer Protection.  Customer agrees to comply with all applicable consumer protection laws when using the Services, including: (a) FTC Act Section 5 prohibitions on unfair or deceptive practices; (b) truth-in-advertising requirements for AI-generated marketing content; (c) disclosure requirements for AI-influenced recommendations or search results; (d) prohibition on dark patterns or manipulative AI implementations; and (e) accessibility standards for AI-generated content. Customer will not use the Services to engage in practices that could be deemed unfair, deceptive, or manipulative under applicable consumer protection laws.

2.4 Plan Limitations

Your use of the Services may be subject to limitations based on your plan tier or usage thresholds, such as the number of tracked products, prompts analyzed, or user seats, as specified in the applicable Order Form.

2.5 Free Trials and Private Previews. 

Goodie may provide free trials to the Services (“Trial”) from time to time as agreed by Goodie in writing. Goodie may also provide you with access to products, features, technologies or services that are not yet generally available on a free or paid basis, including, but not limited to, any product, service or feature labeled as “beta,” “preview,” “private release,” or “pre-release,” (each, a “Private Preview”). You must comply with any additional and/or modified terms posted or provided to you to access any Private Preview. Private Previews are not covered by customer support or service level agreements unless otherwise stated. Any products, services or features in Private Preview may be inoperable, incomplete or include functionality never released by Goodie. You should not rely on any products, services or features in Private Preview in any manner and your use is at your own risk. Goodie will have access to all information submitted, transferred or inputted to Goodie as it relates to such Private Preview, and may use such information to improve the user experience related to such Private Preview. Trials and Private Previews are provided “as-is” without any warranties of any kind. By using a Trial or Private Preview, you acknowledge and agree that the products, services and/or features may contain errors, may not operate as intended and your use of such may result in data loss or other damages. Goodie will not be liable for any direct, indirect, incidental, special, consequential or punitive damages arising out of or related to the use of a Trial or Private Preview, and Goodie’s liability for all claims arising from the use of a Trial or Private Preview will not exceed US$100.00. Goodie reserves the right to modify, suspend or discontinue a Trial or Private Preview at any time without notice and without liability to you. 

2.6 Removals and Suspension

Goodie has no obligation to monitor Customer Data. Nonetheless, if Goodie becomes aware that: (a) Customer Data may violate law, Section 2.3 (Acceptable Use) or the rights of others, or (b) Customer’s use of the Services threatens the security or operation of the Services, then Goodie may: (i) limit access to, or remove, the relevant Customer Data, or (ii) suspend Customer’s or any User’s access to the Services. Goodie may also take any such measures where required by law, or at the request of a governmental authority. When practicable, Goodie will give Customer the opportunity to remedy the issue before taking any such measures.

3. Third-Party Applications and Integrations

Goodie’s Services may support the integration of third-party applications, platforms, services, or products not provided by Goodie (e.g., OpenAI, Perplexity, Google Analytics), including through APIs (each a “Third-Party Platform”). Your use of Third-Party Platforms is subject to the applicable third-party agreement and/or those providers' terms and conditions and not these Terms. Goodie does not control and has no liability for Third-Party Platforms, including their security, functionality, operation, availability, or interoperability with the Goodie Materials or how the Third-Party Platforms or their providers use Customer Data. Goodie is not responsible for any acts or omissions of these Third-Party Platforms.

When you elect to integrate Goodie with any Third-Party Platform, you authorize Goodie to access and exchange Customer Data with such Third-Party Platform on your behalf. To the extent an integration with a Third-Party Platform requires that Goodie use Customer’s access credentials for such Third-Party Platform, Customer: (a) agrees to provide such credentials, (b) represents and warrants that Customer has all necessary rights to provide such credentials, and (c) authorizes Goodie to use such credentials on Customer’s behalf in connection with the provision of the Services. Goodie disclaims any liability for unauthorized use, disclosure alteration or destruction of Customer Data resulting from processing by Third-Party Platforms. Goodie does not guarantee the availability of such integrations or their interoperability with Goodie’s Services. Customer uses Third-Party Platforms at its own risk.

For the avoidance of doubt, integrations that allow Customers to import data from their own third-party analytics accounts (such as Google Analytics/GA4) into the Services are distinct from other Third-Party Platforms monitored by the Services (e.g., AI model APIs). In such integrations, Customer remains the controller of the data imported, and Goodie acts as the processor solely to the extent necessary to perform analytics and reporting within the Services. No data is transmitted or shared from the Services back to the Customer’s third-party analytics account.

4. Data Segregation & No AI Model Training

Customer Data belonging to you is strictly segregated and will not be accessible by other users outside of your organization.  Goodie will not train artificial intelligence models on Customer Data unless explicitly agreed in a separate agreement. Goodie will not disclose or use your Customer Data for any commercial purpose unrelated to uses identified herein absent your written consent. 

5. Intellectual Property 

5.1 Customer Data

As between the parties, you retain full ownership of your Customer Data (excluding Goodie Materials). By using Goodie’s Services, you grant Goodie and its licensors a limited non-exclusive, worldwide, sublicensable, royalty-free license to use copy, store, disclose, transmit, transfer, publicly display, modify, create derivative works from, and process Customer Data solely for the following purposes: 
  1. To perform its obligations under this Agreement;
  2. To provide and improve the Services, including addressing and preventing technical problems;
  3. To derive, generate, and use without restriction Telemetry;
  4. To comply with legal obligations.
Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data (including prompts, uploads, training sets, third-party integrations, and configuration choices) and for how Customer and its Users use any Output. Customer represents and warrants to Goodie that Customer Data, and Customer’s collection, provision, and use of Customer Data in connection with the Services, will not:
(a) infringe, misappropriate, or otherwise violate any Intellectual Property rights;
(b) violate any applicable privacy, data protection, confidentiality, or rights-of-publicity laws or obligations;
(c) contain content that is illegal, unlawful, fraudulent, obscene, defamatory, harassing, harmful, invasive of personal privacy, or otherwise prohibited by applicable law;
(d) contain viruses, malware, malicious code, or any software intended to disrupt or damage systems, software, or data, or to bypass Service security or safety measures;
(e) create an unreasonable risk of injury, loss, or damage to any person, property, system, or data;
(f) violate laws governing unsolicited communications or electronic marketing (including, as applicable, CAN-SPAM, the Telephone Consumer Protection Act, ePrivacy/PECR, CASL, or analogous laws);
(g) constitute or promote conduct that would give rise to civil liability or criminal offense under any applicable law;
(h) include material Customer lacks the legal right or authority to use, disclose, transmit, or store;
(i) otherwise violate any applicable law, regulation, third-party terms, or any provision of this Agreement;
(j) include Classified Information (as defined under applicable U.S. federal law and regulations, including Executive Order 13526 and DoD regulations), Controlled Unclassified Information (CUI) (32 C.F.R. Part 2002; DFARS 252.204-7012), or Federal Contract Information (FCI) (FAR 52.204-21);
(k) intentionally include special-category or highly sensitive data (e.g., biometric identifiers or templates; precise geolocation; government IDs; full financial account numbers; authentication credentials; or PHI under HIPAA) unless expressly permitted by this Agreement and applicable law and protected by appropriate safeguards; or
(l) be used to train, fine-tune, extract model parameters from, or otherwise derive competitive models, or to evade or disable AI safety or content-integrity mechanisms.

Customer further represents and warrants that it has obtained all necessary rights, consents, and authorizations, including providing all required notices and establishing a valid legal basis where required by law, to provide Customer Data to Goodie and to authorize Goodie to access, process, store, use, and transmit Customer Data in accordance with this Agreement. Customer is solely responsible for ensuring that its use of the Services complies with all applicable federal, state, and international laws, regulations, and contract clauses governing data classification, access, and handling, including, as applicable, the FAR, DFARS, ITAR, and the National Industrial Security Program (NISP).

Where Customer enables integrations with Third-Party Platforms or supplies credentials/keys for such platforms, Customer represents and warrants that it has the right to provide such access and instructs Goodie to use that access solely to provide the Services.

Goodie will have no liability for any loss, damage, regulatory exposure, or security incident arising from (i) Customer’s breach of this Section; (ii) Customer’s submission of restricted, classified, or otherwise regulated data without the required authorizations and safeguards; or (iii) Customer’s deployment of the Services or Output in prohibited, safety-critical, or high-risk environments contrary to this Agreement.

5.2 Feedback

You may, on an entirely voluntary basis (including through functionality within the Services, such as “thumbs up/thumbs down” features), submit feedback or suggestions (“Feedback”). All Feedback is the property of Goodie, and Goodie may use and modify such Feedback without any restriction or compensation.

5.3 Goodie Materials, Output, and Generated Content

All right, title, and interest (including all Intellectual Property and proprietary rights) in the Services, including, but not limited to: (a) all underlying and associated technology, software, source code, object code, models, algorithms, data sets, training data, documentation, user interfaces, designs, workflows, processes, methods, know-how, and trade secrets; (b) all features, functionalities, analytics, and visualizations, and any improvements, modifications, enhancements, updates, upgrades, or derivative works thereof; (c) all prompts provided by Goodie (except any User modifications reflected in such prompts); (d) any licensed content from third parties; and (e) any and all other technology, inventions, works of authorship, or materials developed, used, or provided by Goodie in connection with the Services (collectively, “Goodie Materials”) belong exclusively to Goodie or its licensors. Goodie retains all rights to any Output other than Generated Content created through the Services. To the extent any rights may arise in agentic Generated Content, Goodie hereby assigns to Customer all of Goodie’s right, title, and interest, if any, in and to such Generated Content.

Outputs generated by the Services are machine-generated and may not be factually accurate. You acknowledge that, due to the nature of the Services and artificial intelligence technologies generally, that Output may not be unique and other users of the Services may receive output from the Services that is similar or identical to Customers’ Output. You are solely responsible for reviewing, evaluating, and determining the suitability of any Output or Generated Content before relying on it or using the same. Where required by law (including the EU AI Act), Customer must disclose that content is AI-generated when communicating such content to others.The Output may also incorporate or be derived from Third-Party Information. You acknowledge that Goodie does not manage or control Third-Party Information. Goodie does not control, verify, or endorse any such Third-Party Information and disclaims all liability arising from its use.

5.4 Residual Rights

Any rights not expressly granted to you are reserved by Goodie or its licensors.

6. Fees and Payment

Fees are specified in the applicable Order Form. All fees are due as invoiced through our payment processor (currently, Stripe) and are payable upon receipt of an applicable invoice in U.S. dollars unless otherwise specified. Fees are non-refundable, except as set forth in Section 10.1 (Warranties) or as otherwise expressly provided in this Agreement. Late payments may incur interest at 1.5% per month or the maximum allowed by law, whichever is lower. All fees are exclusive of applicable taxes, which will be billed to you as required by law. All payments made by Customer are non-refundable regardless of actual usage. Goodie reserves the right to increase fees at renewal of the applicable subscription term. Your purchase relies only on the features and functions of the Services that are currently available as a generally available release. Goodie makes no commitment to deliver any future features or functions. The development, release and timing of any features or functions remains in Goodie’s sole discretion.

7. Term and Termination

7.1 Term

This Agreement remains in effect for the initial term specified in your Order Form, unless terminated earlier in accordance with these Terms. Except as otherwise stated in your Order Form, subscriptions will automatically renew for successive periods equal in length to the expiring term unless either party provides at least thirty (30) days' prior written notice of non-renewal. 

7.2 Termination

Either party may terminate the Agreement if the other materially breaches any provision and fails to cure such breach within 30 days of written notice. Company may suspend or terminate this Agreement immediately upon written notice if Customer fails to pay undisputed amounts when due.

Upon termination, your access to the Services will be suspended, and Goodie may delete your Customer Data in accordance with our Privacy Policy.

7.3 Survival

All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability. 

8. Confidentiality

“Confidential Information” means information disclosed to the receiving party (“Recipient”) under this Agreement that is designated by the disclosing party (“Discloser”) as proprietary or confidential or that should be reasonably understood to be proprietary or confidential due to its nature or the circumstances of its disclosure. Customer Data is considered Customer Confidential Information. Goodie Materials are Goodie’s Confidential Information. Each party may use the other’s Confidential Information solely for the purpose of fulfilling its obligations under the Agreement and shall not disclose Confidential Information to any third party without Discloser’s consent except (i) as necessary to provide the Services, (ii) as required by law or legal process, or (iii) as expressly permitted by Discloser. This restriction does not apply to information that (a) is or becomes publicly available through no fault of Recipient, (b) was lawfully in Recipient’s possession before Discloser provided it, (c) is independently developed without reference to Discloser’s data, or (d) is rightfully received from a third party.

9.  Logo Use

Goodie may include Customer logo in its promotional materials or website but will cease further use upon written request by Customer.

10. Warranties and Disclaimers

10.1 Warranties

Goodie warrants that during the subscription term, the Services will materially perform in accordance with any documentation provided by Goodie or specifications in an Order. This warranty does not apply to (a) any Trial or Private Preview, (b) any use not in accordance with the documentation or terms of this Agreement, or (c) any bug or defect attributable to software, hardware, or a product not supplied by Goodie. Customer’s exclusive remedy and Goodie’s entire liability for breach of the Product Warranty shall be Termination per Section 7.2 of these Terms, whereby in the event of an uncured material breach, Goodie will promptly refund to Customer all prepaid, unused fees paid by Customer to Goodie relating to the terminated subscription term. The foregoing is conditioned upon Customer notifying Goodie within thirty (30) days of becoming aware of the condition giving rise to a claim during the subscription term.

10.2 Disclaimers

EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN THESE TERMS, TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY MAKES ANY REPRESENTATION OR WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND EACH HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, SYSTEMS INTEGRATION, QUALITY, OR ANY OTHER IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. THE SERVICES, INCLUDING ANY ARTIFICIAL INTELLIGENCE MODELS, OUTPUTS, RESPONSES, REPORTS, OR OTHER RESULTS GENERATED BY THE SERVICES (“AI OUTPUT”), ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITH ALL FAULTS, AND THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, SAFETY, LEGALITY, OR USEFULNESS OF ANY AI OUTPUT IS WITH THE USER.

WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, COMPANY DOES NOT WARRANT THAT THE SERVICES OR AI OUTPUT WILL (A) PERFORM WITHOUT INTERRUPTION, ERROR, BIAS, OR HALLUCINATION; (B) BE ACCURATE, COMPLETE, CURRENT, OR RELIABLE; (C) BE SECURED FROM HACKING, ADVERSARIAL ATTACKS, OR OTHER UNAUTHORIZED INTRUSION, OR THAT CUSTOMER DATA WILL REMAIN PRIVATE OR SECURE; (D) BE FREE OF VIRUSES, MALICIOUS CODE, OR SECURITY VULNERABILITIES; (E) MEET CUSTOMER’S BUSINESS, REGULATORY, OR COMPLIANCE REQUIREMENTS, OR OPERATE WITH CUSTOMER’S EXISTING HARDWARE, SOFTWARE, OR SYSTEMS; OR (F) NOT CONTAIN CONTENT OR RESULTS THAT MAY BE OFFENSIVE, HARMFUL, OR OBJECTIONABLE.

NO EMPLOYEE, AGENT, OR REPRESENTATIVE OF COMPANY IS AUTHORIZED TO MAKE ANY ADDITIONAL OR DIFFERENT REPRESENTATIONS OR WARRANTIES ON BEHALF OF COMPANY. CUSTOMER ACKNOWLEDGES THAT IT HAS NOT RELIED ON ANY REPRESENTATIONS OR WARRANTIES OTHER THAN THOSE EXPRESSLY SET FORTH IN THIS AGREEMENT. CUSTOMER FURTHER UNDERSTANDS THAT ARTIFICIAL INTELLIGENCE TECHNOLOGIES ARE PROBABILISTIC IN NATURE, MAY GENERATE SIMILAR OR IDENTICAL OUTPUTS FOR MULTIPLE USERS, MAY REFLECT LIMITATIONS OR BIASES IN TRAINING DATA, AND MAY NOT BE SUITABLE FOR USE WITHOUT INDEPENDENT HUMAN REVIEW AND VALIDATION.

IN ADDITION, CUSTOMER ACKNOWLEDGES THAT THE INTERNET AND CLOUD-BASED ENVIRONMENTS ARE NOT INHERENTLY SECURE, MAY BE UNRELIABLE, AND ARE SUBJECT TO INADVERTENT OR DELIBERATE BREACHES OF SECURITY, INTERRUPTION, OR DISRUPTION, FOR WHICH COMPANY SHALL NOT BE LIABLE.

11. Limitation of Liability

11.1 Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY LAW, EXCEPT FOR LIABILITY ARISING FROM EXCLUDED CLAIMS, EACH PARTY’S TOTAL AGGREGATE LIABILITY UNDER OR RELATING TO THIS AGREEMENT AND THE SERVICES, REGARDLESS OF THE NATURE OF THE OBLIGATION, FORM OF ACTION, OR THEORY OF LIABILITY (INCLUDING WITHOUT LIMITATION CONTRACT, TORT, NEGLIGENCE, INDEMNITY, OR PRODUCT LIABILITY), WILL NOT EXCEED THE FEES ACTUALLY PAID OR PAYABLE BY CUSTOMER TO GOODIE IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO SUCH LIABILITY. THIS LIMITATION OF LIABILITY IS CUMULATIVE AND NOT PER INCIDENT, AND APPLIES EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY OR COMPANY’S SUPPLIERS OR LICENSORS, BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION ANY LOST PROFITS OR BUSINESS OPPORTUNITIES, LOSS OF REVENUE, LOSS OF GOODWILL, BUSINESS INTERRUPTION, LOSS OR INACCURACY OF DATA, LOSS OF USE OF THE SERVICES, OR COSTS OF SUBSTITUTE GOODS OR SERVICES, UNDER ANY THEORY OF LIABILITY (WHETHER IN CONTRACT, TORT, NEGLIGENCE, PRODUCT LIABILITY, STRICT LIABILITY, OR OTHERWISE),EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE. CUSTOMER ACKNOWLEDGES AND AGREES THAT ITS PAYMENT OBLIGATIONS UNDER THIS AGREEMENT SHALL NOT BE CONSIDERED COMPANY’S LOST PROFITS OR LOSS OF REVENUE FOR PURPOSES OF THIS SECTION.

WITHOUT LIMITING THE FOREGOING, COMPANY SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM OR RELATED TO (A) THE ACCURACY, COMPLETENESS, RELIABILITY, OR SUITABILITY OF ANY AI-GENERATED CONTENT, OUTPUTS, OR RECOMMENDATIONS; (B) ERRORS, OMISSIONS, BIAS, OR HALLUCINATIONS IN AI-GENERATED CONTENT; (C) THE USE OR INABILITY TO USE THE SERVICES DUE TO POWER OUTAGES, SYSTEM OR BACKUP FAILURES, OR OTHER INTERRUPTIONS (SUBJECT TO ANY OBLIGATIONS UNDER AN APPLICABLE SERVICE LEVEL AGREEMENT); (D) SECURITY BREACHES, HACKING, ADVERSARIAL ATTACKS, OR UNAUTHORIZED ACCESS; OR (E) THE CUSTOMER’S RELIANCE ON OR FAILURE TO INDEPENDENTLY VERIFY AI OUTPUT.

11.2  Excluded Claims

“EXCLUDED CLAIMS” IN THIS SECTION 11 MEANS EITHER PARTY’S INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 12, GROSS NEGLIGENCE OR WILFUL MISCONDUCT.

11.3 Allocation of Risk

BY ENTERING INTO THIS AGREEMENT, YOU ACKNOWLEDGE AND AGREE THAT GOODIE’S PRICING AND THE SERVICES ARE BASED UPON THE DISCLAIMERS OF WARRANTY AND THE LIMITATIONS OF LIABILITY HEREIN. THESE TERMS ARE INTENDED TO FAIRLY ALLOCATE RISK BETWEEN THE PARTIES (INCLUDING THE RISK OF POTENTIAL FAILURE OF CONTRACTUAL REMEDIES AND CONSEQUENTIAL LOSSES). THE DISCLAIMERS OF WARRANTY AND THE LIMITATIONS OF LIABILITY FORM THE ESSENTIAL BASIS OF THE BARGAIN BETWEEN YOU AND GOODIE.

12. Indemnity

12.1 Indemnification By Goodie.

Goodie will defend and indemnify Customer against any third party claim, suit, or proceeding arising out of, related to, or alleging infringement by the Services of any United States copyright or misappropriation of any trade secret. The foregoing obligations do not apply with respect to (a) Customer Data; (b) Output based on Customer Data; (c) Customer's use of Generated content from Goodie's agentic actions or optimization hub features (including without limitation Goodie’s AEO content writer); (d) portions or components of the Services: (i) not supplied by Goodie, (ii) combined with other products, processes or materials (including Third-Party Platforms or Customer Data), or (iii) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement; (e) where Customer's use of the Services is not strictly in accordance with this Agreement; (f) if Customer settles or makes any admissions about a claim without Goodie's prior written consent; or (g) Trials and Private Previews and other free or evaluation use of features or the Services. If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be or are believed by Goodie to be infringing, Goodie may, at its option and expense (a) replace or modify the Services to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (b) obtain for Customer a license to continue using the Services, or (c) if neither of the foregoing is commercially practicable, terminate this Agreement and Customer’s rights hereunder and provide Customer a refund of any prepaid, unused fees for the Service.

12.2 Indemnification by Customer.

Customer will defend and indemnify Goodie, and its officers, affiliates, representatives, contractors and employees against any third party claim, suit, or proceeding alleging, arising out of or relating to: (a) Customer Data, including any claim that the submission, storage, transmission, or use of Customer Data in connection with the Services, including any Output, infringes, misappropriates, or otherwise violates any Intellectual Property rights, privacy rights, publicity rights, or confidentiality obligations of any third party; (b) Customer’s breach or misrepresentation regarding Customer Data; (c) alleged or actual misuse of the Services, including by Customer’s end users, subscribers, employees, or customers; (d) any unauthorized access to, or disclosure, loss, or misuse of, personal, financial, or otherwise sensitive information resulting from the acts or omissions of Customer, its personnel, or its end users; (e) Customer’s violation of any applicable law, regulation, or third party rights (including data protection, export control, marketing laws, and Customer’s use of the Services in violation of the EU AI Act, including any deployment of Outputs in prohibited or high-risk contexts) in connection with its use of the Services; or (f) arising out of any claim that Customer's use, publication, distribution, or commercialization of Output or Generated Content from the Services' agentic actions or optimization hub features (including without limitation Goodie’s AEO content writer) infringes upon, misappropriates or otherwise violates any patent, copyright, trade secret, trademark, or other proprietary right of a third party, or violates any applicable law, regulation, or third party rights. Customer agrees to pay all amounts that a court awards or that Customer agrees to and Goodie approves in settlement of such claim(s) as well as any and all expenses or charges arising from such claim(s) as they are incurred by Goodie or any other party indemnified under this Section. 

12.3 Indemnification Procedures

The indemnifying party's obligations under this Section 12 are conditioned upon the indemnified party: (a) providing the indemnifying party with prompt written notice of any claim, demand, suit or proceeding for which indemnification is sought (provided that failure to give such notice shall not relieve the indemnifying party of its indemnification obligations except to the extent it is materially prejudiced thereby); (b) granting the indemnifying party sole control of the defense and settlement of such claim (provided that the indemnifying party may not settle any claim that imposes obligations on the indemnified party without the indemnified party's prior written consent); and (c) providing reasonable cooperation and assistance in the defense of such claim at the indemnifying party's expense. The indemnified party may participate in the defense with counsel of its choice at its own expense. Neither party will be responsible for a settlement it does not approve in writing. Indemnifying party’s obligations in this Section 12 include: (i) settlement at indemnifying party’s expense and payment of judgments finally awarded by a court of competent jurisdiction, as well as payment of court costs and other reasonable expenses; and (ii) reimbursement of reasonable attorneys’ fees incurred.

12.4 Exclusive Remedy

THE REMEDIES SET FORTH IN SECTION 12  SHALL BE THE INDEMNIFIED PARTY’S SOLE AND EXCLUSIVE REMEDY AND THE OTHER PARTY’S ENTIRE LIABILITY RELATED TO ANY CLAIM OF INFRINGEMENT OR MISAPPROPRIATION OF THIRD-PARTY RIGHTS.

13. Data Protection

13.1 Roles and Scope

To the extent Goodie processes Personal Data on behalf of Customer in providing the Services (“Customer Personal Data”), Customer is the controller (or business) and Goodie is the processor (or service provider). Goodie is an independent controller for Personal Data it processes for account administration, billing, security monitoring, service improvement, compliance, and telemetry, as described in the Privacy Policy. For Customers located in, or processing Personal Data of individuals located in, the United States, European Economic Area, United Kingdom, or Switzerland, the parties agree to Goodie’s modular Data Processing Addendum (“DPA”) attached as Exhibit A which is incorporated into and forms part of this Agreement. The DPA consists of three modules: (i) Module 1 applies to Customers located in the United States or processing Personal Data of US residents; (ii) Module 2 applies to Customers located in, or processing Personal Data of individuals located in, the European Economic Area, United Kingdom, or Switzerland; and (iii) Module 3 applies to all Customers.  Capitalized terms used in this Section 13 and not otherwise defined in the Agreement have the meanings set forth in the DPA.

13.2 Subprocessors

Customer authorizes Goodie to engage subprocessors to process Customer Personal Data as set forth in the DPA. Each Subprocessor is subject to written terms that require data-protection, confidentiality, and security measures as required by applicable law. Goodie maintains a current list of Subprocessors at https://www.higoodie.com/subprocessors and will provide advance notice of any new subprocessors. 

13.3 Security and Incident Notice

Goodie will implement appropriate technical and organizational measures to protect Customer Personal Data as described in the DPA.  If Goodie becomes aware of a Personal Data breach affecting Customer Personal Data, Goodie will notify Customer in accordance with the applicable module of the DPA and provide information and cooperation reasonably required for Customer to meet its incident-response obligations.

13.4 International Transfers

This Section 13.4 applies only to Customers subject to Module 2 of the DPA. Where Customer Personal Data is transferred from the EEA, Switzerland, or the UK to a country not deemed adequate, the transfer will be governed by the mechanisms set forth in Module 2, Section 4 of the DPA, including: (i) the EU Standard Contractual Clauses as completed in the DPA; and (ii) the UK International Data Transfer Addendum, as applicable, together with any supplementary measures required by law.

13.5 Data Subject Requests and Cooperation

Goodie will provide reasonable assistance, at Customer’s request and expense, to help Customer respond to data subject requests and comply with applicable data protection obligations, as set forth in the applicable module of the DPA.

13.6 Responsible AI Transparency

The Services may generate machine-generated outputs that may be inaccurate or unsuitable without human review. Customer is responsible for evaluating outputs and complying with applicable law, including restrictions on biometric identifiers, special-category inferences, child-related data, and transparency for synthetic media where required. Customer will not use the Services to generate or disseminate unlawful or deceptively undisclosed synthetic content.

13.7 Consumer Rights Preservation

Nothing in this Agreement (including governing law, venue, arbitration, auto-renewal, or limitations of liability) is intended to exclude or limit any non-waivable consumer rights under applicable law. Where Customer qualifies as a consumer under the law of their habitual residence, mandatory consumer protections of that jurisdiction prevail to the extent required.

13.8 Renewals and Price Changes

For term subscriptions, Goodie will provide notice of renewal and any price changes at least thirty (30) days before the renewal date. Customer may cancel renewal via the account settings or by written notice prior to renewal. Any statutory cooling-off rights for consumers remain unaffected.

13.9 Marketing & Cookies

Marketing communications and use of cookies or similar technologies are governed by the Privacy Policy and any Cookie Policy. Where consent is required by law, Goodie will obtain it and respect withdrawal.

13.10 EU/UK Representatives 

For Customers subject to Module 2 of the DPA, and where required by Article 27 GDPR/UK GDPR, Goodie has appointed as its EU and/or UK representative Data Privacy Services (info@dataprivacyservices.co.uk) for data-protection inquiries only.

14. General

14.1 Governing Law

These Terms are governed by the laws of the State of New York, without regard to conflict of law rules. Venue will be in the federal or state courts located in New York, NY. The parties irrevocably waive all claims and defenses either might otherwise have in any action or proceeding in any of the applicable courts set forth above, based on any alleged lack of personal jurisdiction, improper venue, forum non conveniens, or any similar claim, or defense. The United Nations Convention on Contracts for the International Sale of Goods will not apply to this Agreement. Nothing in this Section limits statutory rights available to consumers under applicable law.

14.2 Dispute Resolution

Customer and Goodie agree to resolve any disputes, claims or controversies arising out of or relating to this Agreement (the “Dispute”) in accordance with this Section.

The parties will first attempt in good faith to resolve the Dispute by informal negotiation, which may include non-binding mediation if agreed by the parties. The informal negotiation period will begin when the party asserting the Dispute sends a written notice to the other party describing the facts and circumstances of the Dispute. 

If, after sixty (60) days from the date the notice of Dispute is sent, the parties are unable to resolve the Dispute; either party may commence binding arbitration, unless the parties have agreed to extend the informal dispute resolution period by mutual written agreement. THE PARTIES AGREE THAT ANY DISPUTE NOT RESOLVED INFORMALLY SHALL BE RESOLVED ON AN INDIVIDUAL BASIS THROUGH BINDING ARBITRATION AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. THE PARTIES EXPRESSLY WAIVE ANY RIGHT TO BRING OR PARTICIPATE IN A CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR ANY OTHER REPRESENTATIVE ACTION IN ANY FORUM, WHETHER IN ARBITRATION OR OTHERWISE. 

The parties agree that exclusive jurisdiction for the Dispute shall be binding arbitration before one arbitrator and administered: (a) For US Customers: By Judicial Arbitration and Mediation Services, Inc. (“JAMS”) pursuant to its Comprehensive Arbitration Rules and Procedures. The arbitrator shall be selected in accordance with JAMS rules, or if the parties agree, from a list of at least three candidates provided by JAMS, with each party having the right to strike one candidate. (b) For non-US Customers: By the International Chamber of Commerce (“ICC”) pursuant to its Rules of Arbitration. The arbitrator shall be appointed in accordance with the ICC Rules. Nothing in this Section limits statutory rights available to consumers under applicable law.

If the parties fail to agree on an arbitrator within thirty (30) days after arbitration is initiated, the applicable arbitration administrator (JAMS or ICC) shall appoint an arbitrator according to its rules. Arbitration shall be initiated under the rules of Judicial Arbitration and Mediation Services, Inc. if Customer is a US entity or International Chamber of Commerce if Customer is a non-US entity. The arbitration shall be conducted in English, with a written decision stating the legal reasoning issued by the arbitrator. The parties will be responsible for paying their respective shares of any of the costs associated with the arbitration.

Either party may obtain injunctive relief (preliminary or permanent) and orders to compel arbitration or enforce arbitral awards in any court of competent jurisdiction. 

BY ENTERING INTO THIS AGREEMENT, CUSTOMER AGREES IT IS HEREBY GIVING UP ITS RIGHT TO LITIGATE A DISPUTE IN COURT BEFORE A JUDGE OR JURY.

14.3 Limitation

CUSTOMER AND GOODIE AI AGREE THAT ANY CAUSE OF ACTION ARISING OUT OF OR RELATED TO THE SERVICES MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.

14.4 Assignment

You may not assign these Terms without Goodie’s prior written consent. Goodie may assign these Terms in connection with a merger, acquisition, or sale of assets.

14.5 Force Majeure

No delay, failure, or default (other than Customer’s obligation to pay fees when due, where payment can still be made electronically or through other commercially reasonable means) will constitute a breach of this Agreement to the extent such delay, failure, or default results from a Force Majeure Event. A “Force Majeure Event” means any cause beyond a party’s reasonable control, including but not limited to natural disasters, acts of government, acts of terrorism, war, labor disputes, civil disturbances, epidemics or pandemics, power outages, failures or interruptions of telecommunications, Internet, hosting, or cloud service providers, third-party platform or model availability (including API providers and large language model vendors), or widespread software, hardware, or supply chain failures.

The party affected by a Force Majeure Event shall use commercially reasonable efforts to mitigate its impact and to resume performance as soon as practicable. However, if any delay or failure continues for more than thirty (30) days, the non-affected party may terminate this Agreement without further liability.

Notwithstanding the foregoing, Company shall not be deemed in breach for suspending, limiting, or modifying the Services as necessary to: (a) protect against or respond to cybersecurity threats, attacks, or incidents; (b) comply with applicable laws or governmental requests; (c) respond to outages, degradation, or unavailability of underlying third-party infrastructure, models, or APIs; or (d) address issues relating to the safety, integrity, or misuse of AI-generated content.

14.6 Export Compliance 

The Platform is controlled and operated from the United States and is subject to its export control and sanctions laws and regulations. You represent that, you are (a) not located in, organized under the laws of, or ordinarily resident in any country or region subject to comprehensive U.S. embargoes or sanctions, (b) are not identified on, and will not permit any person to access or use the Platform who is identified on, any U.S. government restricted party list, and (c) will not export, re-export, transfer, access or use the Platform or any AI Output in violation of any U.S. export control or sanctions laws or regulations. You acknowledge that remote access may in certain circumstances be considered a re-export under U.S. law. You are solely responsible for compliance with all applicable import, use, and re-export restrictions.

14.7 Severability

If any provision of this Agreement is held to be unenforceable, such provision will be modified to reflect the parties' intention and only to the extent necessary to make them enforceable, and the remaining provisions of the Agreement will remain in full effect.

14.8 Entire Agreement

These Terms, along with Goodie’s Order Form, Privacy Policy, and Data Processing Addendum constitute the entire agreement between you and Goodie regarding the Services and supersede prior agreements or understandings. Any material amendments, modifications, or supplements to this agreement must be in writing and signed by each Party’s authorized representatives. The terms in any Customer purchase order or business form will not amend or modify this agreement and are expressly rejected by Goodie.

14.9 Notices

All notices, requests, consents, and other communications required or permitted under this Agreement shall be in writing and shall be deemed properly given when delivered to the receiving Party at the address set forth in this Agreement (or to such other address as a Party may designate in writing).

For notices, support or general inquiries regarding the Services, please contact:
Goodie AI Inc.
491 Broadway, Floor 2
New York, NY 10012
Email: hello@higoodie.com

14.10 Changes to Terms

We may update these Terms periodically. Material changes will be communicated through the Services or by email. Your continued use of the Services after the updated Terms have been communicated will constitute acceptance of those changes. If you do not agree to the updated Terms, you must stop using the Services.

Last Updated: October 15, 2025.

Exhibit A

GOODIE AI

DATA PROCESSING ADDENDUM

This Data Processing Addendum (“DPA”) forms part of the Services Agreement between Goodie AI Inc. (“Goodie”) and Customer (“Agreement”). This DPA governs the processing of Customer Personal Data (“Personal Data”)  in connection with the Services and supplements the terms of the Agreement. Capitalized terms not otherwise defined herein shall have the meanings given them in the Agreement.

1. APPLICABILITY AND SCOPE

1.1 Module Applicability. This DPA consists of three modules:

(a) Module 1 applies to Customers located in the United States or processing Personal Data of US residents;

(b) Module 2 applies to Customers located in, or processing Personal Data of individuals located in, the European Economic Area, United Kingdom, or Switzerland;

(c) Module 3 applies to all Customers regardless of location.

1.2 Precedence. In the event of conflict between the Agreement and this DPA on data protection matters, this DPA shall prevail.

MODULE 1: US DATA PROTECTION PROVISIONS

2. US DATA PROTECTION COMPLIANCE

2.1 CCPA/CPRA Service Provider Obligations. Where Goodie processes Personal Information of California residents on Customer’s behalf, Goodie agrees to:

(a) Process Personal Information solely for the business purposes set forth in the Agreement and as instructed by Customer;

(b) Not sell, share, or retain Personal Information outside the business relationship with Customer;

(c) Not combine Personal Information received from Customer with Personal Information received from another source or collected from its own interaction with consumers, except as permitted by the CCPA;

(d) Implement and maintain reasonable security procedures and practices to protect Personal Information;

(e) Upon Customer’s request, delete Personal Information in Goodie’s possession, except where retention is required by law;

(f) Provide reasonable assistance to Customers in responding to consumer requests regarding their Personal Information.

2.2 State Privacy Law Compliance. Where applicable under Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, or other similar state privacy laws, Goodie agrees to:

(a) Act as a processor/service provider and process Personal Data only upon Customer’s documented instructions;

(b) Implement appropriate technical and organizational measures to ensure security of Personal Data;

(c) Assist Customer in responding to data subject/consumer requests as reasonably requested;

(d) Upon termination, delete Personal Data as directed by Customer, except where retention is required by law;

(e) Make available to Customer information necessary to demonstrate compliance with applicable obligations.

2.3 Subprocessor Requirements. Goodie may engage subprocessors to process US Personal Data, provided that:

(a) Goodie maintains a current list of subprocessors at https://www.higoodie.com/subprocessors;

(b) Goodie provides prior notice of any new subprocessors via the above webpage or email;

(c) Customer may object to new subprocessors on reasonable data protection grounds within 10 days of notice;

(d) All subprocessors are bound by data protection obligations substantially equivalent to those in this DPA.

2.4 Security Incident Notification. Goodie will notify Customer without undue delay, and in any event within 72 hours, of any Security Incident affecting US Personal Data, providing information reasonably necessary for Customer to assess the incident and meet any notification obligations.

MODULE 2: EU/UK DATA PROTECTION PROVISIONS

3. GDPR/UK GDPR COMPLIANCE

3.1. Controller Obligations and Rights

Customer, as Controller, shall: (a) ensure it has lawful basis for processing and transfers; (b) provide clear processing instructions to Goodie; (c) implement appropriate technical and organizational measures; (d) conduct data protection impact assessments where required; (e) respond to data subject requests within required timeframes; and (f) notify supervisory authorities of Personal Data breaches where required. Customer, as controller, has the right to: (a) receive information about Goodie's processing activities; (b) audit Goodie's compliance with this DPA; and (c) object to new subprocessors and terminate if objection is not reasonably accommodated.

3.2 Processing Instructions. Goodie will process Personal Data only on documented instructions from Customer, including with regard to transfers of Personal Data to third countries or international organizations, unless required to do so by European Union or Member State law.

3.3 Confidentiality. Goodie ensures that persons authorized to process Personal Data have committed themselves to confidentiality or are under appropriate statutory obligation of confidentiality.

3.4 Security Measures. Goodie implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as detailed in Annex II.

3.5 Subprocessors. Goodie may engage other processors (subprocessors) with Customer’s general written authorization, subject to:

(a) Goodie informing Customer of intended changes concerning addition or replacement of subprocessors via https://www.higoodie.com/subprocessors or email;

(b) Customer having the opportunity to object to such changes within 30 days;

(c) Where Goodie engages another processor, the same data protection obligations as set out in this DPA being imposed on that other processor by way of contract.

3.6 Data Subject Rights. Taking into account the nature of processing, Goodie assists Customer by implementing appropriate technical and organizational measures, insofar as possible, for fulfillment of Customer’s obligation to respond to requests for exercising data subject rights.

3.7 Breach Notification. Goodie notifies Customer without undue delay after becoming aware of a Personal Data breach affecting Personal Data.

3.8 Data Protection Impact Assessment. Goodie assists Customer in ensuring compliance with Articles 35 and 36 of GDPR where necessary, taking into account the nature of processing and information available to Goodie.

3.9 Deletion and Return. At the choice of Customer, Goodie deletes or returns all Personal Data to Customer after the end of provision of services relating to processing, and deletes existing copies unless European Union or Member State law requires storage.

3.10 Audit Rights. Goodie makes available to Customer all information necessary to demonstrate compliance with Article 28 GDPR and allows for and contributes to audits, including inspections, conducted by Customer or another auditor mandated by Customer, subject to confidentiality, security, and scheduling constraints.

4. STANDARD CONTRACTUAL CLAUSES AND INTERNATIONAL TRANSFERS

4.1 EU Standard Contractual Clauses. Where Personal Data is transferred from the EEA to countries without an adequacy decision, the EU Standard Contractual Clauses (Decision (EU) 2021/914) are incorporated herein by reference and apply as follows:

(a) Module Two (Controller to Processor) applies where Customer is a controller and Goodie is a processor;

(b) Module Three (Processor to Processor) applies where applicable for onward transfers to subprocessors;

(c) The parties complete the SCC clauses as specified in Annex I and Annex II.

4.2 Clause Completions. For purposes of the Standard Contractual Clauses:

(a) Clause 7 (Docking clause): Other entities may accede to these SCCs with agreement of all parties;

(b) Clause 9 (Use of sub-processors): Customer provides general authorization for engagement of subprocessors in accordance with Section 3.4;

(c) Clause 11 (Redress): Data subjects may lodge complaints with supervisory authorities and have access to effective judicial remedies;

(d) Clause 13 (Supervision): The supervisory authority of the EU Member State in which Customer is established shall act as competent supervisory authority;

(e) Clause 17 (Governing law): These SCCs shall be governed by the law of the EU Member State in which Customer is established;

(f) Clause 18 (Choice of forum and jurisdiction): Disputes shall be resolved by the courts of the EU Member State in which Customer is established.

4.3 UK International Data Transfer Addendum. Where Personal Data is transferred from the UK, the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses applies and is incorporated by reference.

4.4 Swiss Addendum. Where Personal Data is transferred from Switzerland, the parties agree to the modifications necessary to ensure compliance with Swiss data protection law.

MODULE 3: GENERAL PROVISIONS

5. DEFINITIONS

For purposes of this DPA:

“Controller” means the natural or legal person which determines the purposes and means of processing Personal Data.

“Data Subject” means an identified or identifiable natural person to whom Personal Data relates.

“Personal Data” means any information relating to an identified or identifiable natural person, including Personal Information as defined under applicable US privacy laws.

“Processing” means any operation performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor” means a natural or legal person which processes Personal Data on behalf of the Controller.

“Security Incident” means any confirmed accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.

6. DETAILS OF PROCESSING

6.1 The details of processing are set out in Annex I to this DPA.

6.2 Independent Controller Activities. Goodie acts as an independent controller for processing Personal Data for account administration, billing, security monitoring, service improvement, compliance obligations, and generation of Telemetry as described in the Privacy Policy.

7. TECHNICAL AND ORGANIZATIONAL MEASURES

7.1 Goodie implements and maintains appropriate technical and organizational measures to protect Personal Data against unauthorized access, disclosure, alteration, or destruction, consistent with applicable law and industry standards. Where required under Module 2 (EU/UK Data Protection Provisions), such measures shall meet the standards described in Annex II.

7.2 Such measures include:

(a) Encryption of Personal Data;

(b) Appropriate access controls and multi-factor authentication;

(c) Logging and monitoring of system access and activities;

(d) Regular vulnerability assessments and security testing; and

(e) Incident response procedures and business continuity planning.

8. SUBPROCESSORS

8.1 Goodie maintains a current list of all subprocessors at https://www.higoodie.com/subprocessors.

8.2 Goodie will update this list and provide notice of material changes via the webpage or email notification with reasonable advance notice.

8.3 All subprocessors are contractually bound by data protection obligations substantially equivalent to those set out in this DPA.

9. DATA BREACH NOTIFICATION

9.1 Goodie will notify Customer without undue delay, and in any event within 72 hours where required by applicable law, after becoming aware of any Security Incident.

9.2 Such notification will include available information about the incident, affected data, likely consequences, and measures taken or proposed to address the incident.

10. TERM AND TERMINATION

10.1 This DPA remains in effect for the duration of the Agreement and any processing of Personal Data thereunder.

10.2 Upon termination of the Agreement, Goodie will delete Personal Data as instructed by Customer, except where retention is required by applicable law.

11. LIABILITY AND INDEMNIFICATION

11.1 Each party’s liability under this DPA is subject to the limitation of liability provisions set forth in the Agreement.

12. AMENDMENTS

12.1 This DPA may only be amended by written agreement signed by authorized representatives of both parties.

12.2 Goodie may update this DPA to reflect changes in applicable law or regulatory guidance, provided such updates do not materially reduce Customer’s data protection rights.

ANNEX I

DETAILS OF PROCESSING

Data Exporter: Customer (acting as Controller)

Data Importer: Goodie AI Inc. (acting as Processor)

Address: 491 Broadway, Floor 2, New York, NY 10012

Data Subjects: The Personal Data concerns the following categories of data subjects:

- Customer’s end users and customers

- Customer’s employees, contractors, and business contacts

- Other individuals whose Personal Data is provided by Customer through use of the Services

Categories of Data: The Personal Data concerns the following categories of data:

- Contact information (names, email addresses, phone numbers)

- Account credentials and authentication information

- Usage data and analytics

- Business and professional information

- Content and materials uploaded to or processed through the Services

- Technical data (IP addresses, device information, log data)

Special Categories of Personal Data: None, unless Customer provides such data contrary to the terms of the Agreement.

Processing Operations: The Personal Data will be processed for the following activities:

- Hosting and storage of Customer Data

- Processing and analysis to provide the Services

- Display and transmission of results and outputs

- Technical support and maintenance

- Security monitoring and incident response

Purpose of Processing: Provision of AI-powered search optimization and analytics Services as described in the Agreement.

Duration of Processing: For the term of the Agreement and any applicable retention period, or until Customer requests deletion.

ANNEX II

TECHNICAL AND ORGANIZATIONAL MEASURES

  1. Access Controls: Role-based access, least privilege, SSO/MFA for administrative access, timely revocation.

  2. Encryption: TLS in transit; encryption keys managed securely.

  3. Segregation & Isolation: Logical tenant separation; environment segregation (prod/test).

  4. Logging & Monitoring: Centralized logging, alerting for anomalous access, time-synced logs, retention policies.

  5. Secure Development: Code review, dependency scanning, SAST/DAST, secrets management, CI/CD controls.

  6. Vulnerability Management: Routine scanning, patching SLAs, documented risk acceptance, penetration testing at least annually.

  7. Business Continuity & DR: Backups with tested restores, availability zones, RTO/RPO targets appropriate to plan tier.

  8. Incident Response: Documented IR plan, classification, containment/eradication, post-incident review.

  9. Vendor Management: Subprocessor risk assessments, security addenda, least-privilege integrations.

  10. Data Minimization & Retention: Configurable retention where feasible; deletion on termination per Section 3.9 herein.

Customer Controls: Admin console, API, and security settings enabling Customer configuration of access, retention, and integrations.

Company

About Us
Careers
Blog
Enterprise
Privacy Policy
Service Agreement

Features

AI Visibility Monitoring
AI Optimization Hub
AEO Content Writer
Traffic and Attribution
Topic Explorer
Generative Engine Optimization
Shopping
AI Crawler & Agent Analytics

Models

ChatGPT
Perplexity
Gemini
Claude
DeepSeek
AI Overview
AI Mode
Grok
Rufus
Meta AI
Microsoft Copilot

Resources

Case Studies
AEO Periodic Table
AI Search Pipeline Efficacy
What's GEO?
What's AEO?
Agent Experience Optimization
AI Search Optimization
Company
Features
Models
Resources
LinkedinInstagramYoutubeTikTok
© Goodie 2025
All Rights Reserved
Goodie logo