Software Evaluation Agreement

Last Updated: December 2022

KEYLESS TECHNOLOGIES SRL is a private limited company incorporated in Italy with company number ID and VAT No. 14880901005, whose registered office is at Viale Luca Gaurico 9-11, 00144 Rome, Italy, fully owned by KEYLESS TECHNOLOGIES LIMITED, a private limited company incorporated in the United Kingdom with company number 11362854, whose registered office is at Milton Gate 60 Chiswell Street EC1Y 4AG, London, UK (the "Company").

Whereas:

Keyless has designed and developed a privacy-first biometric authentication and identity management platform that eliminates the need for entities that subscribe the service (the "Recipient") to centrally store and manage passwords, sensitive cryptographic keys, and other authentication data, without compromising on convenience and privacy for their users ("Keyless SDK", or the "Software").
Keyless SDK implements enrollment, authentication, and de-enrollment (account deletion). After successful enrollment, the Keyless SDK returns a Keyless ID string that acts as a unique user identifier. Upon successful biometric authentication, the Keyless SDK returns an authentication token that can be used to authenticate the user. The authentication token can be cryptographically bound to a string (e.g., a URL that identifies the request that triggered authentication), which is an optional parameter to the Keyless authentication method. The Keyless SDK relies on the Keyless network for enrollment and authentication.
By accepting this Software Evaluation Agreement (the "Agreement"), the Recipient asks to run an evaluation of the Software Keyless has developed and which the Recipient is interested in licencing from the Company.
The Recipient acknowledges and agrees that completion of the Location and Purpose Annex (as defined below) is mandatory in order to run the evaluation of the Software. The Location and Purpose Annex is provided under Annex 1 of this Agreement.

Interpretation

In this Agreement the following words and expressions shall have the meanings set out opposite them:

Word or Expression	Meaning
Company	Means KEYLESS TECHNOLOGIES SRL or KEYLESS TECHNOLOGIES LTD whichever is acting as the contractual party to this SEA. The contractual party is KEYLESS TECHNOLOGIES LTD if the Recipient is based in the United States of America, United Kingdom and Middle East, downloador KEYLESS TECHNOLOGIES SRL if the Recipient is based in Europe.
Company Website	The website where this Agreement is published: https://keyless.io
Location and Purpose Annex	The preliminary questionnaire by which the Recipient undertakes to not use the Software for illegal purposes and that the Recipient must fill out in order to obtain a copy of the Software.
Information	information owned by the Company and obtained by the Recipient relating to the Software;
Intellectual Property Rights	the patents, rights to inventions, copyrights and related rights, trademarks, trade names and domain names, rights in get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in desins, rights in computer software, database rights, topography rights, rights in Information regarding the Software (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications (or rights to apply) for, and renewals or extensions of, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world;
Objective	the evaluation of the Software by the Recipient for use in the Recipient’s business;
Parties	Means the Company and the Recipient;
System	the Recipient’s computer system; and
Trial Period	the evaluation period of 6 weeks.

Licence
1. Provided that the Recipient has filled out the Location and Purpose Annex, the Company hereby grants the Recipient a personal, non-transferable, non-exclusive licence to use the Software on the System during the Trial Period solely for the purposes of the Objective. The Recipient acknowledges and agrees that the Software will, or may, automatically cease to operate at the end of the Trial Period if the Recipient has not at that time accepted a full licence of the Software.
2. The Recipient may make and distribute via internal beta systems including without limitation TestFlight and similar programs such copies of the Software as are necessary to evaluate the Software on the System or for back-up purposes, but not for any other purpose. For the avoidance of doubt, the Software shall in no circumstance be submitted in any format to any Appstore or marketplace without the prior written consent of the Company or outside Europe.
3. During the Trial Period this licence may be terminated immediately by the Company giving written notice if the Recipient is in breach of any of its obligations under this Agreement or uses the Software in a manner not compliant with the declaration issued in the Location and Purpose Annex. The licence may be terminated by the Recipient during the Trial Period upon seven days' written notice or upon acceptance by the Recipient of a full licence for the Software. Upon termination not followed by a full licence, the Recipient shall within three days return to the Company all copies of all or part of the Software stored on any tangible medium and any documents containing any item of the Information and shall completely delete all electronic copies of all or any part of the Software and/or the Information resident in the System or elsewhere.
Limitation of Liability
Within the limits set forth by section 1229 of the Italian Civil Code, the Company shall have no liability of any kind in any circumstances whatsoever to the Recipient or any person claiming through the Recipient in respect of the Software or Information. In particular, the Company shall have no liability in any circumstances whatsoever for any data loss, damages or corruption arising out of or in connection with this Agreement or the use or performance of the licenced Software including, without limitation, any direct or indirect (including but not limited loss of profit, loss of revenues, loss of chance whether they are direct or indirect), damages (including, but not limited to, costs of procuring substitute products or services, business interruption, loss of information or other pecuniary loss), however caused and under any theory of liability, even if the Company has been advised of the possibility of such damages. The Recipient agrees that it has sole responsibility for protecting its data during evaluation of the Software.
Disclaimer of Warranties
1. The Company licences the Software and the Information without any warranties, express or implied. The Company and any of its licensors expressly disclaim all warranties, either express or implied, including but not limited to implied warranties of merchantability, non-infringement, or fitness for a particular purpose with regard to the licensed Software and Information, as well as all statutory warranties and conditions to the fullest extent permitted by the applicable law.
2. Neither the Company nor its licensors warrant that the Software is error-free, will operate without interruption or will work in any combination selected by the Recipient.
3. Without prejudice to Art. 2.3 above, it is understood between the Parties that any further exportation of the Software to another company - even within the same group - or in a different country, as stated in the Location and Purpose Annex, is under the exclusive responsibility of the Recipient and no assistance will be provided by the Company.
4. The Company is not liable for any harm or damages related to the further exportation of the Software made by the Recipient. Complaints, claims, concerns, or questions of the third party regarding the Software should be directed to the Recipient.
Property Rights
1. The Company owns the Software, Information and all related documentation. The Recipient acknowledges that any disclosure pursuant to this Agreement shall not confer on the Recipient any Intellectual Property Rights or other rights in relation to the Software or the Information other than its right to use under Clause 2.1.
2. Ownership of all complete or partial copies of the Software, Information and related documentation shall at all times remain with the Company.
3. If a third party notifies the Recipient of any claim that the use of the Software infringes any right of a third party, the Recipient agrees to immediately notify the Company. If any such claim is made to the Recipient or the Company, the Recipient shall, at the Company’s request, immediately cease use of the Software. If the Company is unable to allow the Recipient to continue evaluation of the Software, the provisions of Clause 2.3 shall apply.
Data Protection
1. Each Party shall, at its own expense, ensure that it complies with the requirements of all legislation, including but not limited to the General Data Protection Regulation (EU) 2016/679 (the "GDPR") and regulatory requirements in force from time to time relating to the use of personal data and the privacy of electronic communications.
2. The personal data collected by the Company for the execution of the Agreement are processed pursuant to the GDPR, as specified in the Company’s privacy policy available by clicking the following link: https://keyless.io/privacy.
3. When performing authentication, Keyless does not process personal data of users. Only in the enrollment phase, the Company may process some personal data (i.e., first and last name, e-mail address) of the enrolling Recipient’s end-user (e.g., clients or employees), as part of the so-called "workforce authentication service". Therefore, the Recipient acknowledges that, for the performance of the workforce authentication services related to the use of the Software, the Company shall process personal data of which the Recipient is the data controller.
4. When Article 6.3 above applies, by signing the Agreement, the Recipient appoints the Company as the data processor pursuant to Article 28 of the GDPR. The Recipient and the Company agree that the processing shall be governed by the Data Processing Agreement (the "DPA", available at the following link https://keyless.io/data-processing-agreement), which regulates, inter alia, the duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the Recipient, as well as the security measures adopted by the Company.
5. Should the DPA apply between the Parties, the Recipient, in its capacity as data controller, shall provide further instructions regarding the data processing carried out on its behalf by the Company.
Assignment
The Company and the Recipient shall not be entitled to assign the contract or any receivable (debit/credit) with the other party’s written consent.
Entire agreement
This Agreement constitutes the whole agreement between the Parties and supersedes any previous arrangement, understanding or agreement between them relating to the subject matter they cover.
Governing law and jurisdiction
1. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) is governed by and shall be construed in accordance with the law of Italy if the Company is KEYLESS TECHNOLOGIES SRL, or in accordance with the English law if the Company is KEYLESS TECHNOLOGIES LTD.
2. The Company and the Recipient irrevocably agree that the courts of Rome – if the Company is KEYLESS TECHNOLOGIES SRL – or the courts of London - if the Company is KEYLESS TECHNOLOGIES LTD - shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).

By accepting the Software Evaluation Agreement, according to articles 1341 and 1342 of the Italian Civil Code, I hereby declare that I have read, understood, and expressly agreed to the following clauses:

Art. 2.3 (License)
Art. 3 (Limitation of Liability)
Art. 4 (Disclaimer of Warranties)
Artt. 6.2 and 6.3 (Data Protection)
Art .9 (Governing law and jurisdiction)

Annex 1
Location and Purpose Annex

We certify that we are the end-user of the Keyless SDK which is to be supplied by Keyless Technologies SRL. We further certify that we shall use the Keyless SDK solely for the purposes described above; that the Keyless SDK will not be used for any purpose connected with chemical, biological or nuclear weapons, or missiles capable of delivering such weapons; that it will not be re-exported or otherwise re-sold or transferred if it is known or suspected that they are intended or likely to be used for such purposes; that the end user is not the armed forces or internal security forces of any country; that the Keyless SDK will not be re-exported or otherwise re-sold or transferred to a destination subject to UN, EU, UK, OSCE embargo where that act would be in breach of the ; and that the Keyless SDK will not be used in any nuclear explosive activityⁱ or unsafeguarded nuclear fuel cycleⁱⁱ.

Notes

Includes research on or development, design, manufacture, construction, testing or maintenance of any nuclear explosive device or components of subsystems of such a device.
Includes research on or development, design, manufacture, construction, operation or maintenance of any reactor, critical facility, conversion plant, fabrication plant, reprocessing plant, plant for the separation of isotopes of source or special fissionable material, or separate storage installation, where there is no obligation to accept IAEA safeguards at the relevant facility or installation, existing or future, when it contains any source or special fissionable material; or of any heavy water production plant where there is no obligation to accept IAEA safeguards on any nuclear material produced by or used in connection with any heavy water produced therefrom; or where any such obligation is not met.