COSTORY MASTER SUBSCRIPTION AGREEMENT (MSA)

THIS MASTER SUBSCRIPTION AGREEMENT (« MSA ») GOVERNS ACQUISITION AND USE OF COSTORY SERVICES. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN.

IF CUSTOMER REGISTERS FOR A FREE TRIAL OF COSTORY SERVICES OR FOR FREE SERVICES, THE APPLICABLE PROVISIONS OF THIS AGREEMENT WILL ALSO GOVERN THAT FREE TRIAL OR THOSE FREE SERVICES.

BY ACCEPTING THIS AGREEMENT, BY (1) CLICKING A BOX AND/OR SIGNING UP FOR COSTORY SERVICES  INDICATING ACCEPTANCE, (2) EXECUTING AN ORDER FORM THAT REFERENCES THIS MSA, OR (3) USING THE COSTORY SOLUTION IN ANY MANNER. THE INDIVIDUAL ACCEPTING THIS MSA ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS. IF THE INDIVIDUAL DOES NOT HAVE SUCH AUTHORITY, OR DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS MSA. THE TERMS AND CONDITIONS OF THIS MSA ARE INCORPORATED BY REFERENCE INTO EACH ORDER FORM EXECUTED BY THE PARTIES. BY SIGNING AN ORDER FORM, THE CUSTOMER AGREES TO BE BOUND BY THE TERMS OF THIS MSA WITHOUT THE NEED FOR A SEPARATE SIGNATURE ON THIS MSA ITSELF.

THIS AGREEMENT WAS LAST UPDATED ON AUGUST 28, 2025. IT IS EFFECTIVE BETWEEN CUSTOMER AND COSTORY AS OF THE DATE OF CUSTOMER’S ACCEPTING THIS AGREEMENT (THE “EFFECTIVE DATE”). 

1. DEFINITIONS

Customer: The entity identified as « Customer » in the applicable Order Form.

Affiliate: Any entity that directly or indirectly controls, is controlled by, or is under common control with the Customer as defined in Article L. 233-3 of the French Commercial Code.

Agreement: This MSA, including all Order Forms, exhibits, schedules, and addenda.

Effective Date: The effective date specified in the applicable Order Form.

Order Form: An ordering document specifying the Costory Solution subscribed for hereunder that is entered into between Costory and the Customer, including any addenda and supplements thereto.

Customer Data: Electronic data and information submitted by or for Customer to the Solution.

Data Protection Laws: All laws and regulations applicable to the processing of Customer Personal Data, including the EU GDPR, the UK GDPR, and the California Consumer Privacy Act (CCPA).

Documentation: Costory Solution documentation, usage guides, and policies as updated and made accessible via login to the Solution.

GDPR: Regulation (EU) 2016/679 regarding the protection of natural persons with regard to personal data processing.

Costory Solution or the « Solution »: The Costory SaaS cost-allocation platform designed to optimize and report on cloud infrastructure costs. The Solution provides tools and dashboards for analyzing billing data from various cloud providers, enabling businesses to monitor, allocate, and optimize their cloud expenditures.

User: A designated Customer employee or third party authorized by Customer to use the Costory Solution.

2. SCOPE OF SERVICES
   1. Costory Solution: The Costory Solution provides a cloud cost allocation and reporting platform that integrates with leading cloud service providers, such as AWS, GCP, and Azure. It offers functionalities including:
      1. Cost Reporting: Provides detailed reports and dashboards for cloud spending analysis.
      2. Cost Optimization: Identifies cost-saving opportunities through usage analysis.
      3. Budget Monitoring: Enables setting and tracking cloud spend budgets.

2. Beta Services: From time to time, Costory may make Beta Services available to the Customer at no charge. Beta Services are optional, and the Customer may choose whether to use them. Beta Services are provided « as-is » without any warranties. Any use of Beta Services is at the Customer’s sole discretion and is subject to the Beta Services terms outlined in this MSA.
3. License and Access Rights: Subject to the terms and conditions of this Agreement, Costory grants Customer a non-exclusive, non-transferable, limited license to access and use the Costory Solution solely for its internal business purposes during the subscription term.
4. Use of Subcontractors: Costory may engage subcontractors to perform certain aspects of the services provided under this Agreement. Costory shall be responsible for the actions of its subcontractors as if performed by Costory itself.
5. Modifications to the Solution: Costory reserves the right to modify, enhance, or discontinue features of the Costory Solution at any time. Costory shall use commercially reasonable efforts to provide prior notice to Customer for any material changes. Any such changes will not materially reduce the overall functionality of the Costory Solution during the subscription term.
6. FREE TRIAL AND FREE SERVICES

If the Customer registers for a free trial of the Costory Solution or for any free services, Costory will make such services available to the Customer free of charge until the earlier of (a) the end of the free trial period or free services term, (b) the start date of any Purchased Service subscriptions ordered by the Customer, or (c) termination by Costory at its discretion.

1. Data Handling During Free Trial: Any data the Customer enters into the Solution during the free trial and any configurations or customizations made to the Solution during the free trial will be permanently lost unless the Customer purchases a subscription to the same services or exports such data before the end of the trial period.
2. Disclaimer for Free Trial: NOTWITHSTANDING ANY OTHER SECTION OF THIS MSA, THE SOLUTION DURING THE FREE TRIAL IS PROVIDED « AS-IS » WITHOUT ANY WARRANTY. COSTORY SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE SOLUTION FOR THE FREE TRIAL PERIOD.

4. SERVICES AND SUPPORT
   1. Service Availability: Costory strives to ensure a high level of availability of the Solution. While Costory uses commercially reasonable efforts to minimize downtime and interruptions, Customer acknowledges that no specific availability level, uptime percentage, or service continuity is guaranteed, and that no service credits or other remedies apply in case of interruptions.
   2. Scheduled Maintenance and Interruptions: Costory may occasionally perform maintenance, upgrades, or emergency interventions that could temporarily affect access to the Solution. Costory will use reasonable efforts to schedule such maintenance outside of peak hours and to minimize disruption.
   3. Standard Support:  Costory will provide Customer with access to standard support resources at no additional charge. Standard support includes access to documentation, online help, and email-based assistance during regular business hours.
5. DATA PROTECTION AND SECURITY
   1. Compliance with Data Protection Laws: The Parties shall comply with all applicable Data Protection Laws. The Data Processing Addendum (« DPA ») attached as Exhibit 1 supplements this Agreement and outlines the processing, protection, and security of Customer Data.
   2. Customer Data: Costory will process Customer Data solely to provide the Solution. Costory will implement appropriate technical and organizational measures to protect Customer Data, including security measures against unauthorized access, data breaches, and loss. Customer remains solely responsible for the accuracy, quality, and legality of Customer Data.
   3. Data Breach Notification: In the event of a security breach that results in unauthorized access to Customer Data, Costory shall notify Customer without undue delay upon becoming aware of the breach. Costory shall take appropriate measures to mitigate the breach and prevent further unauthorized access.
   4. Data Retention and Deletion: Upon termination of the Agreement, upon the Customer’s written request within 15 days, Costory will make Customer Data available for export. After this period, Costory will delete or destroy all copies of Customer Data within 15 days, unless otherwise required by law.
6. CUSTOMER RESPONSIBILITIES
   1. Usage Restrictions: The Customer may use the Costory Solution for internal business purposes only and shall not (i) use the Solution to compete with Costory, (ii) attempt to reverse engineer or access the Solution’s source code, (iii) resell or distribute the Solution, or (iv) use the Solution to process data on behalf of any third party not authorized under this Agreement.
   2. Technical Knowledge: The Customer acknowledges that it has the necessary technical knowledge to use the Costory Solution and understands that Costory shall not be liable for issues related to internet availability or slowdowns.
   3. User Compliance: The Customer is responsible for ensuring that Users comply with the terms of this Agreement.
7. FEES AND PAYMENTS
   1. Fees: Customer shall pay all fees specified in the applicable Order Forms. Except as otherwise specified herein or in an Order Form, (i) fees are based on subscriptions purchased and not actual usage, (ii) payment obligations are non-cancelable, and (iii) fees paid are non-refundable.
   2. Invoicing and Payment: Costory will invoice the Customer in advance and in accordance with the relevant Order Form. Unless otherwise stated in the Order Form, invoiced amounts are due and payable within thirty (30) days from the invoice date. Customer is responsible for providing complete and accurate billing and contact information to Costory and notifying Costory of any changes to such information.
   3. Overdue Charges: If any invoiced amount is not received by Costory by the due date, then without limiting Costory’s rights or remedies, (i) those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month or the maximum rate permitted by law, whichever is lower, and (ii) Costory may condition future subscription renewals and Order Forms on payment terms shorter than those specified in Section 7.2.
   4. Suspension of Service: If any charge owing by the Customer under this or any other agreement for services is thirty (30) days or more overdue, Costory may, without limiting its other rights and remedies, suspend the Customer’s access to the Costory Solution until such amounts are paid in full, provided that Costory will give the Customer at least ten (10) days’ prior notice that its account is overdue before suspending services.
   5. Taxes: Costory’s fees do not include any taxes, levies, duties, or similar governmental assessments of any nature, including value-added, sales, use, or withholding taxes, assessable by any jurisdiction whatsoever (collectively, « Taxes »). Customer is responsible for paying all Taxes associated with its purchases hereunder. If Costory has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Costory will invoice Customer, and Customer will pay that amount unless Customer provides Costory with a valid tax exemption certificate authorized by the appropriate taxing authority.
   6. Fee Adjustments: Fees for the Costory Solution are fixed during the subscription term specified in the Order Form. Any fee adjustments for renewal terms or additional services will be reflected in a new or revised Order Form.
8. INTELLECTUAL PROPERTY
   1. Rights Reserved: Costory reserves all rights, titles, and interests in and to the Costory Solution, including all related intellectual property rights. No rights are granted to the Customer other than as expressly set forth in this Agreement.
   2. Customer Data: The Customer retains ownership of its Data. The Customer grants Costory a non-exclusive, worldwide, limited-term license to host, copy, transmit, and display Customer Data solely as necessary for Costory to provide the Solution in accordance with this Agreement.
   3. License by Customer to Use Feedback: The Customer grants to Costory and its Affiliates a worldwide, perpetual, irrevocable, royalty-free license to use, distribute, disclose, and incorporate into its services any suggestion, enhancement request, recommendation, correction, or other feedback provided by the Customer or Users relating to the operation of the Costory Solution.
9. WARRANTY AND DISCLAIMER
   1. Limited Warranty: Costory warrants that during the subscription term, the Costory Solution will perform materially in accordance with the applicable Documentation. For any breach of the foregoing warranty, Customer’s sole and exclusive remedy, and Costory’s entire liability, will be for Costory to use commercially reasonable efforts to correct the non-conformity, or if Costory determines such remedy to be impracticable, to terminate the affected Order Form and refund any prepaid fees for the unused remainder of the subscription term.
   2. Disclaimer: Except as expressly provided in this Agreement, the Costory Solution and all related services are provided « AS IS » and « AS AVAILABLE » without any warranties of any kind, either express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, title, or non-infringement. Costory does not warrant that the Solution will be uninterrupted, error-free, or completely secure, or that all errors will be corrected.
10. INDEMNIFICATION
    1. Costory Indemnification: Costory shall defend, indemnify, and hold the Customer harmless against any claims, losses, damages, or expenses arising from a third-party claim that the Costory Solution infringes upon a valid intellectual property right, provided that the Customer (a) promptly gives Costory written notice of the claim, (b) gives Costory sole control of the defense and settlement of the claim (except that Costory may not settle any claim unless it unconditionally releases the Customer of all liability), and (c) gives Costory all reasonable assistance, at Costory’s expense. If Costory receives information about an infringement or misappropriation claim related to the Solution, Costory may, at its discretion and at no cost to the Customer, (i) modify the Solution so that it no longer infringes or misappropriates, (ii) obtain a license for the Customer’s continued use of that Solution in accordance with this Agreement, or (iii) terminate the Customer’s subscriptions for that Solution upon 30 days’ written notice and refund the Customer any prepaid fees covering the remainder of the subscription term. Costory shall promptly notify the Customer of any changes affecting its indemnification obligations. The above defense and indemnification obligations do not apply if the claim arises from modifications to the Costory Solution by the Customer or use of the Solution in combination with any other product, service, or data not provided by Costory.
    2. Customer Indemnification: Customer shall defend, indemnify, and hold Costory harmless against any claims, losses, damages, or expenses arising from Customer’s use of the Costory Solution in violation of this Agreement, applicable laws, or third-party rights.
11. LIMITATIONS OF LIABILITY
    1. Cap on Liability: Costory’s total liability arising out of or related to this Agreement shall not exceed the total amount paid by the Customer under this Agreement in the twelve (12) months preceding the event giving rise to the claim.
    2. Exclusion of Consequential Damages: Neither Party shall be liable for any indirect, incidental, consequential, special, or punitive damages, including loss of profits, even if the Party has been advised of the possibility of such damages.
    3. Exceptions: The limitations in this Section 11 do not apply to breaches of confidentiality obligations, data protection obligations, or intellectual property infringement.
12. MARKETING
    1. Marketing materials: Customer grants Costory a limited, non-exclusive, royalty-free right to use Customer’s name and logo to identify Customer as a user of the Costory Solution in marketing materials, website, and presentations, unless Customer requests removal in writing. Any other use requires prior written consent. 
13. CONFIDENTIALITY
    1. Confidential Information: Each Party agrees to protect the other Party’s Confidential Information from unauthorized access, use, or disclosure.
    2. Return of Confidential Information: Upon termination of this Agreement, each Party will return or destroy the other Party’s Confidential Information as requested within 30 days of termination.
14. TERM AND TERMINATION
    1. Term: This Agreement commences on the Effective Date and continues for the subscription term specified in the Order Form.
    2. Termination: Either Party may terminate this Agreement for cause (i) upon 30 days’ written notice of a material breach if such breach remains uncured at the end of such period, or (ii) if the other Party becomes the subject of insolvency proceedings.
    3. Effect of Termination: Upon termination, the Customer’s right to access the Costory Solution will immediately cease. Costory will delete Customer Data following the procedure outlined in Section 5.4.
15. GOVERNING LAW AND JURISDICTION
    1. This Agreement shall be governed by the laws of France, excluding its conflict of laws principles. The Parties agree to the exclusive jurisdiction of the courts of Paris, France.
16. MISCELLANEOUS
    1. Order of Precedence: In the event of any conflict or inconsistency between the terms of this MSA, an Order Form, and any other documents incorporated herein by reference, the following order of precedence shall apply: (1) the Order Form, (2) this MSA, and (3) any other documents incorporated into this Agreement (e.g., exhibits, schedules, addenda, including the Data Processing Addendum). However, if the DPA provides specific terms regarding the processing of personal data that conflict with this MSA or an Order Form, the terms of the DPA shall take precedence with respect to the processing of personal data.
    2. Force Majeure: Neither Party shall be liable for any failure or delay in performance under this Agreement to the extent caused by circumstances beyond its reasonable control, including, but not limited to, acts of God, war, terrorism, natural disasters, strikes, or governmental actions.
    3. Amendments: Costory may update this Agreement from time to time. Minor updates (such as corrections, administrative changes, or clarifications) will become effective upon publication. Substantive updates that materially affect Customer’s rights or obligations will take effect thirty (30) days after notice is provided to Customer. In such case, if Customer does not agree to the updated Agreement, Customer may terminate the applicable subscription before the effective date of the change and will receive a pro-rata refund of any prepaid fees for the unused remainder of the subscription term. If Customer executes a new Order Form or renews their subscription after the effective date of the changes, the updated MSA terms will apply.
    4. Assignment: Neither Party may assign this Agreement without the prior written consent of the other Party, except that Costory may assign this Agreement to an Affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets.
    5. Notices: All notices under this Agreement shall be in writing and sent to the addresses or email addresses specified in the applicable Order Form. It is the responsibility of each Party to update the other Party of any changes to their contact information
    6. Entire Agreement: This Agreement, including all exhibits and Order Forms, constitutes the entire agreement between the Parties and supersedes all prior agreements.
    7. Counterparts and Electronic Signatures: This Agreement may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same document. Electronic signatures and signed copies transmitted by email shall be treated as originals.

Exhibit 1: Data Processing Addendum (DPA)
TO THE MASTER SUBSCRIPTION AGREEMENT

This Data Processing Addendum, including its Schedules, (“DPA”) forms part of the Master Subscription Agreement or other written or electronic agreement between COSTORY and Customer for the purchase of online services from COSTORY (identified either as “Services” or otherwise in the applicable agreement, and hereinafter defined as “Services”) (the “Agreement”) to reflect the Parties’ agreement with regard to the Processing of Personal Data. In the course of providing the Services to Customer pursuant to the Agreement, COSTORY may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith. 

This DPA forms part of the Master Subscription Agreement (« MSA ») entered into between Costory and the Customer (each, a « Party »; collectively, the « Parties »).

1. DEFINITIONS
   1. « Controller, » « Processor, » « Data Subject, » « Personal Data, » « Processing, » and « Supervisory Authority » shall have the meanings ascribed to them in the EU General Data Protection Regulation (GDPR).
   2. « Customer Data » means any Personal Data provided by or on behalf of the Customer to Costory as part of the services under the MSA.
   3. « Data Protection Laws » means all laws and regulations applicable to the processing of Personal Data under this DPA, including but not limited to the GDPR, the UK GDPR, and the California Consumer Privacy Act (CCPA).
   4. « Sub-processor » means any third party appointed by Costory to process Customer Data.
2. PROCESSING OF CUSTOMER DATA
   1. Roles of the Parties: The Parties acknowledge that, for the purposes of the GDPR and other applicable Data Protection Laws, the Customer is the Controller and Costory is the Processor of Customer Data.
   2. Purpose and Scope: Costory shall process Customer Data solely for the purposes of providing the services specified in the MSA and in accordance with the Customer’s documented instructions.
   3. Customer’s Instructions: The Customer instructs Costory to process Customer Data in accordance with this DPA, the MSA, and any applicable Order Forms. Costory will not process Customer Data for any other purpose unless required by law, in which case Costory shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
3. COSTORY’S OBLIGATIONS
   1. Compliance: Costory shall comply with all Data Protection Laws in the processing of Customer Data.
   2. Security: Costory shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including but not limited to the measures referred to in Article 32 of the GDPR.
   3. Confidentiality: Costory shall ensure that personnel authorized to process Customer Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
   4. Data Breach Notification: Costory shall notify the Customer without undue delay after becoming aware of a data breach affecting Customer Data. Such notification shall include sufficient information to allow the Customer to meet any obligations to report or inform Data Subjects of the data breach.
   5. Data Subject Rights: Taking into account the nature of the processing, Costory shall assist the Customer, by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer’s obligation to respond to requests for exercising the Data Subject’s rights under the Data Protection Laws.
   6. Data Retention and Deletion: Upon termination of the MSA, Costory shall, at the choice of the Customer, delete or return all Customer Data, except as required by applicable law.
4. SUB-PROCESSORS
   1. Appointment of Sub-processors: The Customer authorizes Costory to engage Sub-processors to assist in the processing of Customer Data. A current list of Sub-processors shall be made available upon request.
   2. Sub-processor Obligations: Costory shall ensure that Sub-processors are subject to contractual obligations no less protective than those imposed on Costory under this DPA.
   3. Changes to Sub-processors: Costory shall provide the Customer with prior notice of any intended changes to Sub-processors, giving the Customer the opportunity to object to such changes.
5. INTERNATIONAL DATA TRANSFERS
   1. Transfers: Costory shall not transfer Customer Data outside the European Economic Area (EEA) or the UK unless such transfer is made in compliance with Data Protection Laws.
   2. Mechanisms for Transfer: Where required, the Parties shall rely on an appropriate data transfer mechanism, such as Standard Contractual Clauses, to ensure the protection of Customer Data transferred outside the EEA or UK.
6. AUDIT AND COMPLIANCE
   1. Audit Rights: Upon the Customer’s written request, Costory shall make available to the Customer all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer.
   2. Auditor Requirements: Any auditor appointed by the Customer shall be appropriately qualified, and any such audit shall not interfere unreasonably with Costory’s business activities.
7. LIABILITY
   1. Each Party’s liability arising out of or related to this DPA shall be subject to the limitations of liability set forth in the MSA.
8. MISCELLANEOUS
   1. Order of Precedence: In the event of any conflict or inconsistency between this DPA and the MSA, the provisions of this DPA shall prevail with regard to the processing of Customer Data.
   2. Governing Law: This DPA shall be governed by and construed in accordance with the laws specified in the MSA.

Data Processing Addendum (DPA)
Schedule 1 – Details of Processing

1. Nature and Purpose of Processing:
   • Costory will process Customer Data to provide cloud cost optimization services, including cost reporting, dashboarding, and analytics, as described in the Master Subscription Agreement (MSA). This may involve the collection, storage, analysis, and processing of billing data from various cloud providers (e.g., AWS, GCP, Azure).
2. Categories of Data Subjects:
   • End-users and employees of the Customer.
   • Individuals associated with cloud service usage, such as account holders, users, and administrators.
3. Types of Personal Data:
   • Billing and Usage Data: Data obtained from cloud providers, including but not limited to billing logs, usage metrics, and cost allocation data.
   • Technical Data: IP addresses, device identifiers, cloud infrastructure metadata, and other technical details necessary for the operation of the Costory platform.
   • Pseudonymized Personal Data (if applicable): Costory’s solution may interact with pseudonymized data within billing logs, such as user identifiers, which do not directly identify individuals but may be linked to them.
4. Special Categories of Data:
   • Costory does not intentionally process special categories of personal data (e.g., sensitive personal data such as health information, biometric data, etc.). The Customer shall ensure that such data is not included in the data provided to Costory.
5. Duration of Processing:
   • Costory will process Customer Data for the duration of the MSA unless otherwise instructed by the Customer or required by applicable law.
6. Data Retention:
   • Upon termination of the MSA or upon the Customer’s request, Costory will delete or return Customer Data as outlined in Section 3.6 of this DPA.