ScamAI is an AI-powered platform for detecting deepfakes and synthetic media in real-time. We provide AI detection, audio detection, and GenAI content verification with industry-leading accuracy.

How accurate is ScamAI's deepfake detection?

ScamAI's Eva-v1 models are continuously trained on the latest synthetic media techniques with processing times under 4 seconds. Accuracy varies by media type and attack technique — contact us for benchmark details relevant to your use case.

Is ScamAI compliant with security standards?

Yes, ScamAI is SOC 2 Type II compliant and GDPR compliant, ensuring enterprise-grade security and data protection.

How much does ScamAI cost?

ScamAI offers 200 free images per month for free. Pay-as-you-go pricing starts at $0.05 per image. Optional add-ons (face attributes, liveness detection, ID document verification) are $0.008 per image each. Enterprise pricing is available for high-volume users.

How does ScamAI compare to other deepfake detection tools?

ScamAI offers both vision and audio detection in a single platform with sub-4-second processing, and provides a developer-friendly API with integration in under 10 minutes. Unlike many competitors, ScamAI offers a free tier of 200 images per month, transparent per-image pricing, and is SOC 2 Type II and GDPR compliant.

What industries use ScamAI?

ScamAI is used across financial services for KYC verification, content platforms for moderation, call centers for voice authentication, media organizations for content verification, HR departments for remote interview verification, insurance for claims validation, and government agencies for public sector security.

LEGAL

Master Subscription Agreement

ScamAI Platform Services

A service of Reality Inc.

Last revised: January 8, 2026

This ScamAI Master Subscription Agreement (“MSA”) is effective as of the effective date of an applicable signed order form (“Order Form” and such date the “Effective Date”) and is by and between Reality Inc., a Delaware corporation doing business as “ScamAI”, with its principal place of business at 9725 Seawind Way Newark, CA 94560 (“Company” or “ScamAI”), and the customer set forth on the Order Form who accepts this MSA (each, a “Customer”). References to “ScamAI” in this Agreement refer to the trade name under which Company provides the Services; all contractual rights and obligations hereunder are those of Reality Inc. In the event of any inconsistency or conflict between the terms of this MSA and the terms of any Order Form, the terms of the Order Form shall control. Unless otherwise indicated on an applicable Order Form, certain of Company’s obligations under this MSA will not apply, as further described below.

Definitions

The following defined terms apply throughout this Agreement:

“Services” mean the ScamAI platform products and services that are ordered by Customer from Company in an Order Form referencing this MSA, including without limitation the Company’s proprietary artificial intelligence and machine learning-based detection technologies for identifying synthetic, AI-generated, or manipulated digital content (including deepfake images, video, audio, and documents). Services may include trial access, design partnership services, custom development, integration with Customer’s identity verification (KYC/KYB) workflows, and implementation services as specified in the applicable Order Form. Services exclude any products or services provided by third parties, even if Customer has connected those products or services to the Services. Subject to the terms and conditions of this MSA, Company will make the Services available to Customer during the Term.

“Customer Data” means all data, content, and materials provided by or on behalf of Customer to Company in connection with Customer’s use of the Services, including data submitted for detection analysis and verification.

“Detection Output” means the results, scores, confidence levels, reports, and analysis generated by the Services in response to Customer’s submission of data for detection processing.

“KYC Integration” means the connection of the Services with Customer’s or Customer’s third-party identity verification, Know Your Customer (KYC), Know Your Business (KYB), or Anti-Money Laundering (AML) workflows and systems.

1. SaaS Services and Support

1.1 Service Provision

Subject to the terms of this Agreement, Company will use commercially reasonable efforts to provide Customer the Services, including its AI-powered deepfake detection, document authenticity verification, and voice clone detection capabilities as specified in the applicable Order Form. As part of the registration process, Customer will identify an administrative user name and password for Customer’s Company account. Company reserves the right to refuse registration of, or cancel passwords it deems inappropriate.

1.2 Trial Services

For trial or evaluation services, Company may provide limited access to the Services for evaluation purposes as specified in the Order Form. Trial services may have reduced functionality, limited support, reduced detection model accuracy, or other restrictions as determined by the Company. Trial periods and terms shall be specified in the applicable Order Form. The company makes no representations regarding the accuracy or reliability of Detection Outputs generated during trial periods.

1.3 Design Partnership and Pilot Services

For design partnership and pilot engagements, the Company may provide custom development, integration services (including KYC Integration), early access to detection models, pilot implementations, proof-of-concept deployments, or other specialized services as detailed in the Order Form. Design partnership and pilot terms, deliverables, success criteria, and intellectual property arrangements may be further specified in a separate Statement of Work or addendum.

1.4 Technical Support

Subject to the terms hereof, Company will provide Customer with reasonable technical support services via electronic mail or via designated communication channels on weekdays during the hours of 9:00 am through 6:00 pm Pacific time, with the exclusion of Federal Holidays (“Support Hours”). Customer may initiate a helpdesk ticket any time by emailing support@scam.ai or through the designated support portal. Company will use commercially reasonable efforts to respond to all helpdesk tickets within one (1) business day.

2. Restrictions and Responsibilities

2.1 Usage Restrictions

Customer will not, directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services (“Software”), including Company’s proprietary detection models and AI/ML algorithms; modify, translate, or create derivative works based on the Services or any Software (except to the extent expressly permitted by Company or authorized within the Services); use the Services or any Software for timesharing or service bureau purposes or otherwise for the benefit of a third party; use the Services to develop or train competing detection models or AI systems; attempt to circumvent, reverse, or probe the detection capabilities of the Services; or remove any proprietary notices or labels. Customer shall not use the Services for the purpose of conducting comparative analysis, benchmarking, or ‘red-teaming’ against the Company’s detection models for the purpose of published research or the creation of competing technologies without express written consent.

2.2 Export Control Compliance

Further, Customer may not remove or export from the United States or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. As defined in FAR section 2.101, the Software and documentation are “commercial items” and according to DFAR section 252.227-7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.

2.3 Compliance and Indemnification

Customer represents, covenants, and warrants that Customer will use the Services only in compliance with Company’s standard published policies then in effect (the “Policy”) and all applicable laws and regulations, including without limitation all applicable data protection, financial services, and anti-money laundering laws. Customer agrees to indemnify and hold harmless Company against any damages, losses, liabilities, settlements and expenses (including reasonable costs and attorneys’ fees) in connection with any third-party claim that arises from a demonstrated violation of the foregoing by Customer, subject to the following conditions: (a) Company provides Customer with prompt written notice of any such claim; (b) Company grants Customer sole control over the defense and settlement of such claim (provided Customer shall not settle any claim without Company’s prior written consent, not to be unreasonably withheld); and (c) Company provides reasonable cooperation at Customer’s expense. This indemnification shall not apply to the extent a claim arises from Company’s breach of this Agreement, negligence, or willful misconduct. Although Company has no obligation to monitor Customer’s use of the Services, Company may do so and may prohibit any use of the Services it believes may be (or alleged to be) in violation of the foregoing.

2.4 Customer Equipment and Security

Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer account or the Equipment with or without Customer’s knowledge or consent.

2.5 Detection Output Disclaimer

Customer acknowledges and agrees that: (a) the Services utilize artificial intelligence and machine learning technologies that are inherently probabilistic and may produce Detection Outputs that contain false positives (incorrectly identifying authentic content as synthetic) or false negatives (failing to identify synthetic content); (b) Detection Outputs are provided as decision-support tools and do not constitute legal, regulatory, or compliance determinations; (c) Customer retains sole responsibility for all decisions made in reliance on Detection Outputs, including decisions regarding customer onboarding, identity verification, content moderation, and regulatory compliance; and (d) Customer shall implement appropriate human review and escalation procedures before taking adverse action against any individual based solely on a Detection Output.

3. Confidentiality; Proprietary Rights

3.1 Confidential Information

Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Proprietary Information of Company includes non-public information regarding features, functionality, detection models, AI/ML algorithms, training methodologies, accuracy metrics, and performance of the Service. Proprietary Information of Customer includes Customer Data. The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information. The Disclosing Party agrees that the foregoing shall not apply with respect to any information after five (5) years following the disclosure thereof or any information that the Receiving Party can document (a) is or becomes generally available to the public, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party or (e) is required to be disclosed by law.

3.2 Ownership Rights

Customer shall own all right, title and interest in and to the Customer Data, as well as any data that is based on or derived from the Customer Data and provided to Customer as part of the Services, including all Detection Outputs; provided, however, that Company retains all ownership in the format, structure, and underlying detection logic/metadata contained within such outputs. Company shall own and retain all right, title and interest in and to (a) the Services and Software, including all detection models, AI/ML algorithms, and training methodologies, and all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with Implementation Services or support, and (c) all intellectual property rights related to any of the foregoing.

3.3 Custom Development and Design Partner IP

For custom development work or services provided to design partners, intellectual property ownership and licensing rights shall be specified in the applicable Order Form or Statement of Work. Company shall own all right, title, and interest in and to any inventions, improvements, enhancements, modifications, derivative works, or new features to the Services or Company’s detection models and underlying technology, whether developed solely by Company, jointly with Customer, or based on Customer’s feedback, suggestions, enhancement requests, ideas, or requirements. Customer hereby assigns to Company all right, title, and interest in any such intellectual property and agrees to execute any documents reasonably necessary to perfect such assignment. Design partners retain ownership of their proprietary data, business processes, and pre-existing intellectual property. Company grants Customer a limited, non-exclusive, non-transferable, non-sublicensable license to use any Customer-specific configurations, workflows, or integrations developed under this Agreement solely in connection with Customer’s authorized use of the Services during the Term. Such license shall terminate automatically upon expiration or termination of this Agreement.

3.4 Usage Analytics

Company may collect and analyze Service usage metadata (e.g., feature adoption rates, system performance metrics, API call volumes, detection processing times, error logs) that does not contain, and is not derived from, Customer Data or Customer Confidential Information (“Usage Analytics”). Company may use Usage Analytics to improve the Services and may disclose Usage Analytics solely in aggregate, anonymized form that cannot reasonably be used to identify Customer or any individual. For avoidance of doubt, Customer Data, Detection Outputs, models trained on Customer Data, and outputs generated from Customer Data are not Usage Analytics and remain subject to Section 3.1 and Section 10. No rights or licenses are granted except as expressly set forth herein.

4. Payment of Fees

4.1 Fee Payment

Customer will pay Company the then applicable fees described in the Order Form for the Services in accordance with the terms therein (the “Fees”). If Customer’s use of the Services exceeds the Service Capacity set forth on the Order Form or otherwise requires the payment of additional fees (per the terms of this Agreement), Customer shall be billed for such usage and Customer agrees to pay the additional fees in the manner provided herein. Except as expressly set forth in Section 11.3 (SLA Credits), all Fees are non-cancelable and non-refundable. Company reserves the right to change the Fees or applicable charges at the end of the Initial Service Term or then-current renewal term upon sixty (90) days’ prior written notice to Customer. If Customer believes that Company has billed Customer incorrectly, Customer must contact Company no later than 30 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit.

4.2 Trial, Design Partnership, and Pilot Fees

Trial services may be provided at no cost or at reduced rates as specified in the Order Form. Design partnership and pilot engagements may involve alternative fee structures, milestone-based payments, success-based pricing, or revenue sharing arrangements as detailed in the applicable Order Form or Statement of Work.

4.3 Invoicing and Late Payment

Company may choose to bill through an invoice, in which case, full payment for invoices issued in any given month must be received by Company seven (7) days after the mailing date of the invoice. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of Service. Customer shall be responsible for all taxes associated with Services other than U.S. taxes based on Company’s net income.

5. Term and Termination

5.1 Agreement Term

Subject to earlier termination as provided below, this Agreement is for the Initial Service Term as specified in the Order Form. This Agreement shall automatically renew for successive one (1) year periods (regardless of the length of the Initial Service Term), unless either party provides written notice of non-renewal at least sixty (60) days prior to the end of the then-current term. Company shall provide Customer written notice of upcoming renewal and any proposed fee changes at least ninety (90) days prior to the end of the then-current term.

5.2 Trial and Design Partner Transition

For trial customers converting to paid subscriptions, the Initial Service Term shall commence upon execution of the paid service Order Form. For design partners transitioning to standard service, the parties will negotiate transition terms including: (a) migration of custom features and KYC Integrations to production, (b) ongoing support and maintenance arrangements, (c) any IP licensing for Customer-specific customizations, and (d) standard service pricing and terms. All transition arrangements shall be documented in a separate agreement or addendum.

5.3 Termination for Cause

In addition to any other remedies it may have, either party may also terminate this Agreement upon thirty (30) days’ notice (or without notice in the case of nonpayment), if the other party materially breaches any of the terms or conditions of this Agreement. Customer will pay in full for the Services up to and including the last day on which the Services are provided. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability.

6. Warranty and Disclaimer

Company shall use reasonable efforts consistent with prevailing industry standards to maintain the Services in a manner which minimizes errors and interruptions in the Services and shall perform the Implementation Services in a professional and workmanlike manner. Company further represents and warrants that it has implemented commercially reasonable measures to ensure the accuracy and reliability of its detection models, and that it will use commercially reasonable efforts to improve detection accuracy over time. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Company or by third-party providers, or because of other causes beyond Company’s reasonable control, but Company shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption.

HOWEVER, COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE, THAT DETECTION OUTPUTS WILL BE 100% ACCURATE, OR THAT THE SERVICES WILL DETECT ALL INSTANCES OF SYNTHETIC, AI-GENERATED, OR MANIPULATED CONTENT. NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICES AND IMPLEMENTATION SERVICES ARE PROVIDED “AS IS” AND COMPANY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

7. Indemnity

Company shall hold Customer harmless from liability to third parties resulting from infringement by the Service of any United States patent or any copyright or misappropriation of any trade secret, provided Company is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Company will not be responsible for any settlement it does not approve in writing. The foregoing obligations do not apply with respect to portions or components of the Service (i) not supplied by Company, (ii) made in whole or in part in accordance with Customer specifications, (iii) that are modified after delivery by Company, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of the Service is not strictly in accordance with this Agreement. If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be or are believed by Company to be infringing, Company may, at its option and expense (a) replace or modify the Service to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (b) obtain for Customer a license to continue using the Service, or (c) if neither of the foregoing is commercially practicable, terminate this Agreement and Customer’s rights hereunder and provide Customer a refund of any prepaid, unused fees for the Service.

8. Limitation of Liability

NOTWITHSTANDING ANYTHING TO THE CONTRARY, EXCEPT FOR (I) BODILY INJURY OF A PERSON, (II) CUSTOMER’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 2.3 (WHICH SHALL BE UNCAPPED), (III) COMPANY’S BREACH OF SECTION 10 (DATA PRIVACY AND COMPLIANCE), (IV) EITHER PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, AND (V) BREACH OF SECTION 3 (CONFIDENTIALITY), NEITHER PARTY AND ITS RESPECTIVE SUPPLIERS (INCLUDING BUT NOT LIMITED TO ALL EQUIPMENT AND TECHNOLOGY SUPPLIERS), OFFICERS, AFFILIATES, REPRESENTATIVES, CONTRACTORS AND EMPLOYEES SHALL BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT OR TERMS AND CONDITIONS RELATED THERETO UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY: (A) FOR ERROR OR INTERRUPTION OF USE OR FOR LOSS OR INACCURACY OR CORRUPTION OF DATA OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY OR LOSS OF BUSINESS; (B) FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES; (C) FOR ANY MATTER BEYOND SUCH PARTY’S REASONABLE CONTROL; OR (D) FOR ANY AMOUNTS THAT, TOGETHER WITH AMOUNTS ASSOCIATED WITH ALL OTHER CLAIMS, EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO COMPANY FOR THE SERVICES UNDER THIS AGREEMENT IN THE 12 MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY (OR, IF THE AGREEMENT HAS BEEN IN EFFECT FOR LESS THAN 12 MONTHS, THE ANNUALIZED VALUE OF FEES PAID OR PAYABLE), IN EACH CASE, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FOR CLAIMS ARISING FROM ITEMS (I) THROUGH (V) ABOVE, LIABILITY SHALL NOT EXCEED THE FEES PAID OR PAYABLE IN THE 12 MONTHS PRIOR TO THE ACT GIVING RISE TO THE LIABILITY.

9. Miscellaneous

9.1 Severability

If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.

9.2 Assignment

Neither party may assign, transfer or sublicense this Agreement without the other party’s prior written consent, which shall not be unreasonably withheld, conditioned, or delayed; provided, however, that either party may assign this Agreement without consent to an affiliate or to a successor entity in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of that party’s assets, provided that the assignee agrees in writing to be bound by the terms of this Agreement. Notwithstanding the foregoing, in the event of an assignment by Company to an entity that is a direct competitor of Customer, Customer shall have the right to terminate this Agreement upon thirty (30) days’ written notice without penalty and shall receive a pro-rata refund of any prepaid fees.

9.3 Entire Agreement

This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein.

9.4 No Agency

No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Company in any respect whatsoever.

9.5 Attorney Fees

In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees.

9.6 Notices

All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested.

9.7 Governing Law

This Agreement shall be governed by the laws of the State of Delaware without regard to its conflict of laws provisions.

9.8 Marketing Rights

Company may identify Customer as a client of Company on Company’s website and in marketing materials, subject to the following: (a) Company shall submit any use of Customer’s name, logo, or trademarks to Customer for prior written approval (email sufficient), which shall not be unreasonably withheld; (b) Customer may revoke approval for any specific use upon thirty (30) days’ written notice; (c) Company shall comply with Customer’s trademark usage guidelines as provided by Customer; and (d) upon termination of this Agreement, Company shall remove all references to Customer from its marketing materials within thirty (30) days.

9.9 Amendment

No amendment to this MSA shall be effective unless mutually agreed to in writing and signed by authorized representatives of both parties. Notwithstanding the foregoing, Company may update its standard published policies (as referenced in Section 2.3) upon thirty (30) days’ prior written notice to Customer, provided such updates do not materially diminish the rights of Customer or materially increase Customer’s obligations, costs, or risk exposure under this Agreement. In the event Customer objects to any such policy update within the thirty (30) day notice period, the parties shall negotiate in good faith to resolve Customer’s concerns, and Customer shall have the right to terminate this Agreement without penalty if the parties are unable to reach agreement within sixty (60) days.

9.10 Force Majeure Reference

Force majeure events are governed by Section 12 of this Agreement.

9.11 Trade Name Clarification

The parties acknowledge that “ScamAI” is a trade name and doing-business-as (“d/b/a”) designation of Reality Inc. All rights, obligations, representations, and warranties of “Company” under this Agreement are those of Reality Inc. The use of the name “ScamAI” in connection with the Services, support communications, invoices, marketing materials, and any Order Forms is for branding purposes only and does not create a separate legal entity. Any legal notices, demands, or process must be directed to Reality Inc. at the address set forth in the preamble of this Agreement.

10. Data Privacy and Compliance

10.1 Data Protection Compliance

Company will process Customer Data in accordance with applicable law. Company maintains GDPR compliance and SOC 2 Type II certification. Company will implement appropriate measures to protect Customer Data and may use Customer Data to provide, maintain, and improve the Services and Company’s technologies.

10.2 Security Incident Notification

Company shall notify Customer of any Security Incident within 72 hours of discovery. A “Security Incident” means any unauthorized access to, acquisition of, use of, or disclosure of Customer Data, or any breach of Company’s security measures that could reasonably be expected to affect Customer Data. Notification shall include: (i) the nature and scope of the incident; (ii) the categories and approximate volume of data affected; (iii) the measures taken or proposed to address the incident; (iv) a designated point of contact for ongoing communications; and (v) recommendations for Customer to mitigate potential harm. Company shall provide a written root cause analysis within thirty (30) days and shall cooperate with Customer’s own incident response procedures and regulatory obligations, including providing information reasonably necessary for Customer to comply with data breach notification laws.

10.3 SOC 2 Compliance

Company maintains SOC 2 Type II compliance and will provide Customer with current SOC 2 reports upon request and execution of appropriate confidentiality agreements. Company will notify Customer of any material changes to its SOC 2 compliance status.

10.4 Data Processing Agreement

The parties will execute a separate Data Processing Agreement (DPA) that details the specific terms for processing of personal data, including data subject rights, cross-border transfers, and sub-processor arrangements. The DPA is incorporated by reference into this Agreement and shall be executed prior to or concurrently with the first Order Form.

10.5 Security Measures

Company implements industry-standard security measures including: (a) encryption of data in transit and at rest (AES-256 or equivalent); (b) access controls and multi-factor authentication; (c) regular security assessments and penetration testing (at least annually); (d) employee security training; (e) incident response procedures; and (f) logical separation of Customer Data from other customers’ data. Customer is responsible for properly configuring and using security features made available through the Services.

11. Service Level Agreements

11.1.1 Uptime Commitment

Company will use commercially reasonable efforts to maintain Services availability of at least 99.5% per calendar month, calculated as the percentage of time the Services are available during the month, excluding: (a) planned maintenance performed during designated maintenance windows, (b) outages caused by Customer’s actions or configurations, (c) force majeure events, and (d) third-party service provider outages beyond Company’s control.

11.1.2 On-Premises Deployment Exclusion

Notwithstanding Section 11.1.1, the uptime commitment and associated service credits set forth in this Section 11 shall not apply to any deployment of the Services installed, hosted, or operated on Customer’s own infrastructure or within Customer’s designated data center environment (“On-Premises Deployment”). For On-Premises Deployments, Customer assumes sole responsibility for system availability, uptime, hardware reliability, network connectivity, power redundancy, disaster recovery, and all environmental factors affecting the performance of the Services. Company’s obligations with respect to On-Premises Deployments shall be limited to: (a) providing commercially reasonable technical support during Support Hours as defined in Section 1.4; (b) delivering software updates, patches, and detection model updates in accordance with the applicable Order Form or Statement of Work; and (c) providing reasonable assistance in diagnosing issues that may be attributable to the Services software itself, as distinguished from Customer’s infrastructure. The parties may negotiate separate on-premises service level terms in the applicable Order Form or Statement of Work, which shall govern in lieu of this Section 11 for such deployments.

11.2 Performance Metrics

Company will monitor key performance indicators including: (a) system response times, (b) API response rates, (c) detection processing throughput, (d) service availability, and (e) detection model accuracy metrics. Performance reports will be available to Customer through the Services dashboard or upon request.

11.3 Service Credits and Remedies

If monthly uptime falls below the 99.5% commitment, Customer shall be eligible for service credits as follows: (a) 10% of monthly fees for uptime between 99.0% – 99.49%, (b) 20% of monthly fees for uptime between 98.0% – 98.99%, (c) 30% of monthly fees for uptime below 98.0%. To receive a Service Credit, Customer must submit a written request to support@scam.ai within thirty (30) days of the end of the month in which the Service Level was not met. Failure to comply with this requirement will forfeit Customer’s right to receive a Service Credit. If the Services fail to meet the 99.5% uptime commitment for three (3) or more months in any trailing twelve (12) month period, Customer may terminate this Agreement upon thirty (30) days’ written notice and receive a pro-rata refund of any prepaid fees. Service credits are Customer’s sole and exclusive remedy for any failure by Company to meet the Uptime Commitment; Customer retains all rights and remedies available at law or in equity for losses arising from service failures, subject to the limitations set forth in Section 8.

11.4 Maintenance Windows

Company may perform scheduled maintenance during designated windows (typically outside business hours) with at least 48 hours advance notice. Emergency maintenance may be performed with minimal notice when required to maintain security or system integrity.

12. Force Majeure

Neither party shall be liable for any failure or delay in performance under this Agreement which is due to an earthquake, flood, fire, storm, natural disaster, act of God, war, terrorism, armed conflict, labor strike, lockout, or boycott, provided that such events are beyond the reasonable control of the affected party. The affected party shall give written notice of such delay to the other party and shall use reasonable efforts to avoid or remove such causes of non-performance and shall proceed to perform with all reasonable dispatch whenever such causes are removed. If such delay continues for a period of ninety (90) days or more, either party may terminate this Agreement upon written notice.

13. Data Return and Destruction

Upon expiration or termination of this Agreement for any reason: (a) Company shall, within thirty (30) days, make available to Customer all Customer Data (including all Detection Outputs) in a machine-readable format. Any custom data extraction or specialized formatting requested by Customer shall be subject to Company’s then-current professional services fees; (b) following confirmation of successful data export by Customer (or sixty (60) days after termination, whichever occurs first), Company shall permanently delete all Customer Data from its systems, including all backups, within thirty (30) additional days; (c) Company shall provide written certification of deletion signed by an authorized officer upon Customer’s request; and (d) notwithstanding the foregoing, Company may retain Customer Data to the extent required by applicable law, provided such data remains subject to the confidentiality and data protection of this Agreement.

This Master Subscription Agreement governs the provision of ScamAI platform services by Reality Inc., doing business as ScamAI.