SHAPES TERMS OF USE

November 30, 2025

THESE TERMS OF USE BETWEEN YOU AND YOUR AFFILIATES (COLLECTIVELY, “CUSTOMER” OR “YOU”) AND DREAMTEAM HR APPS LTD. D/B/A SHAPES (“COMPANY” OR “SHAPES”) AND THE CORRESPONDING ORDER (AS MAY BE EXECUTED BETWEEN COMPANY AND CUSTOMER FROM TIME TO TIME) (COLLECTIVELY REFERRED TO AS THE “AGREEMENT”) GOVERN YOUR USE OF THE SOLUTION.

BY CHOOSING “I ACCEPT”, EXECUTING AN ORDER OR OTHERWISE USING THE SOLUTION, YOU ARE ACCEPTING AND AGREEING TO BE BOUND BY ALL THE TERMS OF THIS LICENSE AGREEMENT, WHICH ACCEPTANCE SHALL BE DEEMED TO BE THE EFFECTIVE DATE OF THIS AGREEMENT.

For the sake of clarity, these terms and conditions shall not apply to Customers who have licensed the Solution through, and signed an end user license agreement with, a reseller authorized by Company to resell subscriptions to the Solution, so long as such end user license agreement complies substantially with the terms and conditions of this Agreement. In such cases, Customer is granted its license in the Solution by and through the reseller and not directly by the Company.

1. Grant of Right to Use.
   
   1. Creating an Account. In order to use the Solution, you have to create an account (“Account”). You agree to (i) provide accurate and complete Account and login information; (ii) keep, and ensure that Authorized Users keep, all Account login details and passwords secure at all times; (iii) remain solely responsible for the activity that occurs in your Account including with respect of your Authorized Users; and (iv) promptly notify Company of any unauthorized access or use of the Account or the Licensed Service. You will not allow the use and access to the Solution by third parties or anyone other than the Authorized Users. Customer shall ensure that its and its Authorized Users comply with the terms of this Agreement and shall bear full responsibility for any act or omission by its Authorized Users.
   2. Right to Use the Licensed Services. Subject to the terms and conditions of this Agreement (including payment in full of applicable fees), Company shall grant Customer (and Customer’s Affiliates, as applicable), a limited, revocable, personal, non-transferable, non-assignable (except as provided herein), non-exclusive, non-sublicensable license to access and use the Licensed Services, solely for internal business purposes. The license shall remain in effect during the annual subscription term specified in the Order, and if none such term is specified than the license shall remain in effect for a minimum period of twelve (12) months. If Customer wishes to add Authorized Users (in Customer’s company or in any of its Affiliates) it shall be required to purchase additional licenses for Authorized Users.
   3. Optional Features. Certain optional features may be available to Customer within the Solution (“Optional Features”), including features that involve use of AI Systems provided by Company or its third party providers (“AI Features”). Such AI Features may subject to additional terms as further described in and subject to Section ‎6.5 below (“Additional Product Terms”). By accessing or using such Optional Features, Customer hereby agrees (i) to the applicable Additional Product Terms; (ii) that any such Optional Features are on an “AS IS” basis without any warranty of any kind, and that the Solution serves solely as a platform which facilitates the Optional Features which are not monitored, endorsed or controlled by Company; and (iii) that Company does not, and will not, have any responsibility with respect to Customer's access to or use of the AI Features, including with respect to its availability or results.
   4. License Restrictions. The Solution shall be accessed in accordance with its intended purpose and as detailed in the Company website, as well as the technical documentation of the Solution as may be available from time to time. Except as expressly and unambiguously permitted by this Agreement, without Company's prior written consent, the Customer may not, nor permit anyone else to, directly or indirectly: (i) grant access under its credentials or transfer Customer's rights under this Agreement to a third party, (ii) copy, reproduce, create a derivative work or modify any part of the Solution (iii) disclose, publish or otherwise make publicly available the results of any benchmarking of the Solution, or use such results for competing software development activities; (iv) use or permit the Solution to be used to perform services for third parties, whether on a service bureau or time sharing basis or otherwise, (v) attempt to decipher, decompile, disassemble, reverse engineer or reverse compile all or any portion of the Solution, (vi) use or launch any automated system (including without limitation, “robots”, “scrapers” and “spiders”) to access the Solution, including without limitation in order to extract for re-utilization of any parts of the Solution, or perform any act that destabilizes, interrupts or encumbers the Solution or its servers or use automatic means that enable sending more request messages to the servers of the Solution, in a given period of time, than is reasonable in that time period, (vii) use or encourage, promote, facilitate or instruct others to use the Solution for any unlawful, harmful, irresponsible, prohibited by this Agreement, or inappropriate purpose; (viii) and/or (ix) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer’s account credentials with or to any third party. Any right not explicitly granted to Customer is reserved to Company or its licensors. The Customer agrees to access the Solution in a manner that complies with all applicable laws in the jurisdiction in which Customer accesses the Solution, including, but not limited to, applicable restrictions concerning copyright and other Intellectual Property Rights and with Company’s license metrics and work environment conditions. Company does not provide back-up, archive or recovery services.
   5. Orders. The terms and conditions of this Agreement shall apply to all Orders for subscriptions to the Solution, and shall supersede any different or additional terms on either Company’s or Customer’s purchase orders, unless such Order expressly state a certain provision is to prevail over these terms.
2. Maintenance and Support. The Company shall maintain and support the access, use and operation of the Licensed Services in accordance with the Service Level Agreement attached hereto as Exhibit A. Unless otherwise stated in the Order, the maintenance and support services as provided in connection with the provision of the Solution in accordance with this Agreement shall be at no additional charge for Customer. Provision of support services as contemplated herein shall be Customer’s sole and exclusive remedy for any non-conformity or error in the Solution.
3. Fees and Payment.
   
   1. Fees. As a condition for the rights granted under Section 1, Customer shall pay Company the annual service fees set forth in Company’s then in-effect price list (found on the Company’s website or Order) (the “Fee”). All subscriptions shall be subject to the applicable usage limits, as specified in the Company’s website, online interface or Order, as applicable. If Customer exceeds any usage limits, the Company shall be entitled to either seek to reduce your usage to conform to the agreed upon limit or automatically charge for the exceeding usage which amounts shall be charged to any subsequent invoice issued by the Company. Fees are non-refundable and non-cancellable (NR/NC).
   2. Payment Terms. Unless the parties agree to any different payment method, Customer will provide the Company with valid and updated credit card information for the purpose of payment of Fees, and Customer authorizes Company to charge such credit card for any purchased Licensed Services. Such charges shall be made in advance of the applicable subscription term (including for the Subscription Term and any Renewal Term thereafter). Please note that separate terms and conditions of third-party payment processors may apply to the processing of payment of any applicable Fees. To the extent Customer’s method of payment is by any means other than credit card, as mutually agreed upon by the Parties, Company will issue Customer an invoice with respect of outstanding amount in advance of the subscription period and payment shall be due and payable immediately after receipt such invoice. All amount payable hereunder shall be paid in United States Dollars. All amounts not paid within fifteen (15) days of the due date shall bear interest at the rate of either one and a half percent (1.5%) per month, or at the highest rate allowed by law, whichever is less, from the date due.
   3. Taxes. Prices are exclusive of all taxes of any nature. Customer will duly pay all applicable taxes or will supply appropriate tax exemption certificates in a form satisfactory to Company. Customer shall, in addition to the other amounts payable under this Agreement, pay all sales, use, value added, withholding or other taxes and fees, federal, state or otherwise, however designated, which are levied or imposed by reason of the transactions contemplated by this Agreement, except for taxes based on Company's net income.
4. Representations and Warranties; Disclaimers.
   
   1. Mutual Representations. Each party represents and warrants that (i) it is duly organized and in good standing under the laws of the jurisdiction of its organization; (ii) it has all requisite power and authority (corporate or otherwise) to execute, deliver and perform its obligations under this Agreement; and (iii) the execution and delivery of this Agreement and the fulfilment of the terms hereof will not constitute a default under or breach of any agreement or other instrument to which it is a party or by which it is bound.
   2. Customer Warranties. Customer represents and warrants that its use of the Solution shall be only in accordance with applicable law. Customer further represents and warrants that it has full authority and has obtained all proper consents necessary to provide the Company with the information it requires for the operation of the Solution, including any personal data, and that the access and use of the Solution will not violate any other contractual or other legal obligations which Customer is subject to. Customer further represent and warrant that (i) Customer is responsible for any input, as well as the resulting material Customer generate, such as images, code, or text (“Output”); (ii) Any use of or reliance upon the Output is at Customer’s sole risk; (iii) Customer hereby waive any claim with respect to any similar or identical outputs that may be generated by other users; and (iv) Customer will, at all time, fully comply with the Additional Product Terms (as defined herein) and will be solely and fully responsible for any non-compliance with respect thereof.
   3. Disclaimers. EXCEPT FOR THE EXPRESS WARRANTIES PROVIDED HEREIN, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED SERVICES ARE PROVIDED WITHOUT ANY OTHER WARRANTY. COMPANY EXPRESSLY DISCLAIMS ALL OTHER EXPRESS AND IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, MERCHANTABILITY, NON-INTERFERENCE, SECURITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. THE ENTIRE RISK ARISING OUT OF THE USE OF THE LICENSED SERVICES REMAINS WITH LICENSEE. COMPANY DOES NOT WARRANT THAT THE ACCESS TO AND USE OF LICENSED SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT ERRORS ARE REPRODUCIBLE OR THAT ERRORS ARE REPAIRABLE AND DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF THE USE OF THE LICENSED SERVICES INCLUDING WITHOUT LIMITATION IN TERMS OF THEIR CORRECTNESS, USEFULNESS, ACCURACY, RELIABILITY, OR OTHERWISE.
5. Indemnification.
   
   1. Indemnification by Customer. Customer shall defend, indemnify and hold harmless Company, its officers, directors, employees, affiliates and agents, from and against any damages, losses, liabilities, costs and reasonable expenses (including but not limited to attorney's fees) which are finally awarded by a court ruling as arising from a third party actions or suits brought against Company based on Customer's unauthorized use of the Solution and/or breach of Customer's warranties with respect to Personal Data.
   2. Indemnification by Company. Company agrees to defend, indemnify and hold harmless Customer from and against any damages, losses, liabilities, costs and reasonable expenses (including but not limited to attorney's fees) which are finally awarded by a court ruling as arising directly from a third party actions or suits brought against Customer, (i) alleging that the rightful use of the Solution by Customer in accordance with this Agreement infringes Intellectual Property Rights of such third party; (ii) resulting from Company’s breach of its data protection and security obligations under the data protection agreement (“DPA”) attached hereto as Exhibit B.
   3. Indemnity Procedure. As condition precedent for any obligation of indemnity, indemnified party shall (i) notify the indemnifying party promptly in writing of such indemnifiable claim; and (ii) grant indemnifying party sole control and authority to handle the defense or settlement of any such claim and provide indemnifying party with all reasonable information and assistance, at indemnifying party’s expense. Indemnifying party will not be bound by any settlement that indemnified party enters into without indemnifying party's prior written consent and Indemnifying party shall obtain indemnified party’s prior consent with respect to any settlement that does not provide it with a full and general release or that requires it to admit fault or requires any payment.
   4. THIS SECTION 5 STATES COMPANY'S SOLE AND EXCLUSIVE LIABILITY AND THE CUSTOMER'S SOLE AND EXCLUSIVE REMEDY FOR ANY CLAIMS OF INTELLECTUAL PROPERTY INFRINGEMENT OR MISAPPROPRIATION.
6. Intellectual Property Rights.
   
   1. Retention of Rights. The Solution are licensed and certain rights to access and use are granted. They are not sold. All right, title and interest in and to the Solution, including any Feedback, new version releases, updates, enhancements, modifications, improvements, derivative works thereof, and all Intellectual Property Rights evidenced by or embodied in, attached, connected or related thereto, are and shall remain solely owned by Company, its affiliates, or their respective suppliers and licensors (“Company IPR”). Noting herein contained shall be construed as granting Customer any right, title or interest in and to Company IPR.
   2. Customer Data. As between the Parties, Customer shall be the sole and exclusive owner of all Customer Data. Customer represents and warrants that: (i) Customer owns or has obtained the consents and rights related to the Customer Data, and Customer has the right to provide Company the license granted herein to use such Customer Data in accordance with this Agreement; and (ii) the Customer Data does not infringe or violate any intellectual property right, proprietary or privacy or publicity rights of any third party. Customer hereby grants Company and its affiliates a worldwide, nonexclusive, right and license, to access and use the Customer Data, in order to perform its obligations hereunder, including for Company's provision to Customer of the access to the Solution as stipulated herein. Company does not use any AI Systems that use Customer Data to train its models.
   3. Use of Aggregate Data. Company shall be entitled to use any non-identified, aggregate, analytical or statistical data which is derived, created, or learned from Customer Data during the use of the Solution (“Aggregate Data”) for any purpose, including the improvement the Solution, provided that any such use does not identify the personal data of any data subject.
   4. Processing of Data. The Parties hereby acknowledge and agree that Company shall process and use personal data provided as part of Customer Data which is required for the use of the Solution, all for the purpose of providing the right to use the Solution, and any such processing shall be in accordance with the DPA which is attached hereto as Exhibit B. Company shall be considered the processor of such personnel data on behalf of Customer who is and shall be the controller and owner of such personal data.
   5. Third Party Components. The Services include third party AI Systems and software components that are subject to open source licenses or pass through commercial licenses (“Third Party Components”, and “Third Party Terms”, respectively). Some of the Third Party Software Terms may be made available to you through the Services, its documentation or via a supplementary list provided by Company. Any covenants, representations, warranties, indemnities and other commitments with respect to the Services in this Agreement are made by Company and not by any authors or suppliers of, or contributors to such Third Party Components. Any use of Third Party Components is subject solely to the rights and obligations under the applicable Third Party Terms. If there is a conflict between any Third Party Terms and the terms of this Agreement, then the Third Party Terms shall prevail but solely in connection with the related Third Party Components. Notwithstanding anything in this Agreement to the contrary, Company does not make any representation, warranty, guarantee, or condition, and does not undertake any liability or obligation, with respect to any Third Party Components.
7. Confidentiality.
   
   1. Each party may have access to certain non-public and/or proprietary information of the other party (the “Discloser”), in any form or media, including (without limitation) confidential trade secrets and other information related to the products, software, technology, data, know-how, or business of the other party, whether written or oral, and to any other information that a reasonable person or entity should have reason to believe is proprietary, confidential, or competitively sensitive (“Confidential Information”). Notwithstanding anything to the contrary, Company IPR is deemed as Company Confidential Information.
   2. Each party shall take reasonable measures, at least as protective as those taken to protect its own confidential information, but in no event less than reasonable care, to protect the Discloser's Confidential Information from disclosure to a third party. Neither party shall use or disclose the Confidential Information of the Discloser except as expressly permitted under this Agreement. All right, title and interest in and to Discloser's Confidential Information are and shall remain the sole and exclusive property of the Discloser.
   3. Neither party shall have an obligation under this Agreement to maintain in confidence any information that it can demonstrate that (i) is now or subsequently becomes generally available in the public domain through no fault or breach on the part of receiving party; (ii) the receiving party can demonstrate in its records to have had rightfully in its possession prior to disclosure of the Confidential Information by the Discloser; (iii) receiving party rightfully obtains from a third party who has the right to transfer or disclose it, without default or breach of this Agreement; (iv) the receiving party can demonstrate in its records to have independently developed, without breach of this Agreement and/or any use of the Discloser’s Confidential Information; or (v) is disclosed pursuant to the order or requirement of a court, administrative agency, or other governmental body; provided, however, that the receiving party shall make best effort to provide prompt notice of such court order or requirement to the Discloser to enable the Discloser to seek a protective order or otherwise prevent or restrict such disclosure.
8. Term and Termination.
   
   1. Term. The term of this Agreement shall commence on the Effective Date and will continue thereafter for the applicable subscription period of the Licensed Services (the “Subscription Term”). The Subscription Term of the Licensed Services shall be automatically renewed for additional one (1) year periods each (each, a “Renewal Term” and together with the Subscription Term, the “Term”), unless either party provides the other party with a notice of non-renewal thirty (30) days prior to then in-effect Term.
   2. Suspension. The Company may temporarily suspend Customer’s use of the Solution without prior notice if Customer’s acts or omissions (or those of its Authorized Users) threaten the integrity or security of the Solution. In the event of any suspension under this Section, Company shall use reasonable effort to provide Customer with (i) notice of any suspension; (ii) an explanation of the threat posed by Customer’s acts or omissions to the integrity or security of the Solution and (iii) the corrective action to be taken by Customer before access to the Solution is restored. Without derogating from the foregoing, if any charge owing by Customer under this Agreement is ten (10) days or more overdue, Company may, without limiting any right and/or remedy available to it under applicable law, suspend access to the Licensed Services until such amounts are paid in full.
   3. Termination. A party may terminate this Agreement: (i) upon the other party's breach of any of the provisions hereof that is not cured within thirty (30) days after receiving notice of such breach. Breach of Sections 1 and 6 shall be deemed incurable breaches for which Company is entitled to terminate the Agreement immediately and without prior notice; (ii) immediately upon the appointment of a trustee or receiver for all or any part of the assets of the other party, the occurrence of insolvency or bankruptcy of the other party, or a general assignment by the other party for the benefit of creditor(s) or dissolution or liquidation of the other party.
   4. Effect of Termination. Upon termination of this Agreement: (i) all licenses granted in this Agreement shall expire, and Customer shall immediately discontinue any use of and access to the Solution; (ii) Company shall cease providing access to the Solution; (iii) each party shall return any copies of Confidential Information to its Discloser; and (vi) all outstanding fees shall become immediately due and payable on the date of termination of the Agreement.
   5. Survival. Those provisions of this Agreement which by their nature should survive the expiration or termination of this Agreement shall so survive its expiration or termination, including without limitation, Sections 3.2, 4, 5, 6, 7, 8, 9, 10, 11 and 12.

‍

9. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, (A) IN NO EVENT SHALL COMPANY OR ANY OF ITS EMPLOYEES, AFFILIATES, LICENSORS OR SUPPLIERS BE LIABLE FOR ANY CONSEQUENTIAL, SPECIAL, INDIRECT, INCIDENTAL DAMAGES, INCLUDING WITHOUT LIMITATION INTERRUPTION OF BUSINESS, LOSS OF DATA, LOSS OF BUSINESS INFORMATION, LOST PROFITS OR GOODWILL, LOSS OF BUSINESS REVENUES, PROFITS OR SAVINGS, OR OTHER, ECONOMIC, PUNITIVE OR OTHER SIMILAR DAMAGES, HOWEVER CAUSED AND WHETHER ARISING UNDER CONTRACT, TORT, NEGLIGENCE, OR OTHER THEORY OF LIABILITY RESULTING FROM THE USE OR INABILITY TO USE THE LICENSED SERVICES, EVEN IF COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY THIRD PARTY; AND (B) IN NO EVENT SHALL EITHER PARTY’S TOTAL LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT FROM ALL CLAIMS OR CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY, EXCEED THE TOTAL PAYMENTS ACTUALLY RECEIVED BY COMPANY UNDER THIS AGREEMENT, DURING THE TWELVE (12) MONTH PERIOD PRIOR TO ANY SUCH CLAIM OR CAUSE OF ACTION AROSE. THIS LIMITATION OF LIABILITY IS CUMULATIVE AND NOT PER INCIDENT. THE PRECEDING LIMITATIONS OF LIABILITY SHALL NOT APPLY WITH RESPECT TO WILLFUL MISCONDUCT, BREACH OF CONFIDENTIALITY AND INTELLECTUAL PROPERTY OBLIGATIONS, AND OBLIGATIONS PURSUANT TO SECTION 5 (INDEMNIFICATION). NOTWITHSTANDING, OBLIGATIONS PURSUANT TO SECTION 5.2 (INDEMNIFICATION) SHALL BE LIMITED, IN THE AGGREGATE TO X10 THE TOTAL PAYMENTS ACTUALLY RECEIVED BY COMPANY UNDER THIS AGREEMENT, DURING THE TWELVE (12) MONTH PERIOD PRIOR TO ANY SUCH CLAIM OR CAUSE OF ACTION AROSE.
10. Publicity. Subject to approval of the other party in advance, both Company and Customer may refer to the existence of a license agreement between them, including listing Company as a technology provider, or Customer as a user of the technology, including on Company’s website and in its marketing and promotional materials in a manner which reflects favourably, at all times, on the Solution and the good name, goodwill and reputation of each party. Such promotional uses include the display of a party's logo or trademark. The request for approval shall not be unreasonably withheld.
11. Miscellaneous.
    
    1. Entire Agreement. This Agreement and any exhibits hereto set forth the entire agreement and understanding between the parties and neither party shall be bound by any conditions, definitions, warranties, understandings or representations with respect to the subject matter hereof other than as expressly provided herein or as duly set forth on or subsequent to the date hereof in writing and signed by a proper and duly authorized representative of the party to be bound thereby. This Agreement is not intended to and shall not be construed to give any third party any interest or rights (including, without limitation, any third party beneficiary rights) with respect to or in connection with this Agreement.
    2. Modifications; Changes to Solution. The Company reserves the right, at its discretion, to change this Agreement at any time. Such change will be effective ten (10) days following delivery of a notice thereof to Customer or posting the revised terms on the Company’s site, and Customer’s continued use of the Licensed Service thereafter means that Customer accepts those changes. In addition, the Company may add, enhance, upgrade, modify or discontinue any functionality, feature or tool available through the Solution in our discretion without further notice. If the Company makes any material adverse change in the core functionality of the Solution, then it will notify you by posting an announcement on the Company website or via the Solution or by sending you an email in accordance with the details provided in your Account.
    3. No Waiver. The failure of any party at any time to require performance of any provision of this Agreement shall in no manner affect the right of such party at a later time to enforce the same. No waiver by any party of any condition or of any breach of any term contained in this Agreement, in any one or more instances, shall be deemed to be or construed as a further or continuing waiver of any such condition or of any breach of any such term or any other term set forth in this Agreement.
    4. Severability. If any provision of this Agreement is inoperative or unenforceable for any reason, such circumstances shall not have the effect of rendering the provision in question inoperative or unenforceable in any other case or circumstance, or of rendering any other provision or provisions contained in this Agreement invalid, inoperative, or unenforceable to any extent whatsoever. The invalidity of any portion of this Agreement shall not affect the remaining portions of this Agreement.
    5. Governing Law/Venue. This Agreement shall be governed by the laws of the State of Israel, without regard to that state’s conflicts of laws rules. All disputes arising under or relating to this Agreement shall be resolved exclusively in the appropriate court sitting in Tel Aviv-Jaffa, Israel.
    6. Assignment. Neither party may assign or otherwise transfer its rights or obligations under this Agreement without the prior consent of the other party, provided that either party may assign or otherwise transfer its rights or obligations herein in the event of transfer to a person or entity who directly or indirectly acquires all or substantially all of the assets or business of such party, whether by change of control, sale, merger or otherwise, without consent. Any prohibited assignment, transfer or sublicense shall be null and void.
    7. Headings. The headings in this Agreement are solely for convenience of reference and shall not be given any effect in construction or interpretation of this Agreement.
    8. Force Majeure. Company shall not be liable for any failure or delay in its performance under this Agreement due to causes beyond its reasonable control, including without limitation, natural disasters, acts of civil or military authority, fire, flood, war, labor shortage or dispute, public health emergencies, pandemic or governmental authority.
    9. Notices. All notices under this Agreement shall be deemed effective upon receipt and shall be in writing and (a) delivered personally, (b) sent by commercial courier with written verification of receipt, (c) sent by certified or registered mail, postage prepaid and return receipt requested, or (d) sent via electronic mail without message of failed delivery.
12. Definitions. All capitalized terms used herein shall have the meanings set forth below:
    
    1. “Affiliate” shall mean any entity that Controls, is Controlled by, or is under common Control with Customer, provided that such an affiliate is not a competitor of Company.
    2. “Authorized User(s)” means either (i) Customer’s Affiliates; and (ii) Customer’s and its Affiliates’ employees whose duties require such access or authorized consultants and subcontractors (excluding any competitors of Company) only where such use is required as part of their performance of the services for Customer.
    3. “Control” shall mean the ownership, directly or indirectly, of 50% or more of the voting interest.
    4. “Customer Data” means any content (e.g. data, information, reports, files, images, graphics, code or other content), including Customer’s Confidential Information, that Customer submits to the Solution, including as may be incorporated in any reports or output generated by the Solution.
    5. “Feedback” shall mean any feedback, suggestions, comments, ideas, questions, any information about the Solution. Feedback shall not include Customer’s Confidential Information.
    6. “AI System” means any artificial intelligence or machine learning model, architecture, or system that is provided, used, incorporated, relied on, interacted with, or otherwise made available by or on behalf of Company (including, without limitation, via Company’s subcontractors) in connection with this Agreement, including, without limitation, any model, architecture, or system that, for a given set of objectives, uses machine and/or human-based data and inputs to (i) perceive real and/or virtual environments; (ii) abstract these perceptions into models through analysis in an automated manner (e.g., with machine learning), or manually; or (iii) use model inference to formulate options for outcomes.  By way of example, and not limitation, AI Systems may include systems satisfying the above criteria that (a) generate content (such as text, images, audio, code, and video) through user-provided prompts, (b) rely on neural networks, (c) employ probabilistic modeling, (d) create digital agents, avatars, or virtual humans, or (e) employ natural language processing.
    7. “Intellectual Property Rights” shall mean any (i) patents and patent applications throughout the world, including all reissues, divisions, continuations, continuations-in-part, extensions, renewals, and re-examinations of any of the foregoing, all whether or not registered or capable of being registered; (ii) common law and statutory trade secrets and all other confidential or proprietary or useful information that has independent value, and all know-how, in each case whether or not reduced to a writing or other tangible form; (iii) all copyrights, whether arising under statutory or common law, whether registered or not; (iv) all trademarks, trade names, corporate names, company names, trade styles, service marks, certification marks, collective marks, logos, and other source of business identifiers, whether registered or not; (v) moral rights in those jurisdictions where such rights are recognized; (vi) any rights in source code, object code, mask works, databases, algorithms, formulae and processes; and/or (vii) all other intellectual property and proprietary rights, and all rights corresponding to the foregoing throughout the world.
    8. “Licensed Services” means any paid subscription to the Solution that Customer purchased by executing an Order. Subscription to the Licensed Services may include various subscription plans with different features, tools or modules.
    9. “Solution” means the Company's proprietary portal and web service made available by Company through the Company's website including any updates, upgrades, versions, enhancements, improvements, and modifications thereto.
    10. “Order(s)” refers to any ordering document specifying the Parties have signed and entered in respect of the scope of use Solution, including as may be available on the Company’s website or interface of the Solution.

Date of Last Update: November 27, 2025

Exhibit A

Service Level Agreement

1. Introduction and Definitions

This document defines Company's policies, definitions, and responsibilities with regard to Company's Standard Support and Maintenance offering only.

“Support” refers to Company's responsibilities to address errors related to any of the Company SaaS services or its Enforcers, which are verifiable and reproducible failure of the services to substantially conform to its published specifications (“Error”). Notwithstanding the foregoing, “Error” shall not include any failure caused: (i) by the access, use or operation of the services with any other hardware, software or programming languages or in an environment other than intended or recommended by Company; (ii) by any bug, defect, error or malfunction in any hardware or software used with the services and not provided by Company or other parties acting on its behalf (such as licensors and vendors) or any other failure of any such hardware to conform to its published specifications; (iii) due to modifications, alterations and repairs to the services not made by Company, except as authorized in writing by Company; (iv) due to misuse, accidents or improper access or maintenance not performed by Company;. In the event that any problem or error is discovered to fall outside of the scope of the definition of Error, then Company reserves the right to recover all expenses related to the support provided, at the then current prices for such services provided such prices were agreed in advance with licensee.

“Scheduled Maintenance Interruption” refers to any planned down time, interruption or degradation of the services or the operation of the system which is required, in Company’s opinion, for the correction or update of any part of the system and for any reason and for which a prior notice was given reasonably in advance.

“Emergency Maintenance Interruption” refers to any unexpected down time, interruption or degradation of the services or the operation of the system which is required for the correction of any part of the system for any reason, including but not limited to, in order to correct any Security Level 1 or Security Level 2 incidents.

Company’s support may be subject to the support received by Company from its third party hosting providers. Company’s support excludes: (i) force majeure events; (ii) scheduled maintenance; (iii) Customer’s Internet service failures; (iv) any failure of Customer’s own hardware, software or network connection; (v) Customer’s bandwidth restrictions; (vi) Customer’s acts or omissions, including without limitation non-compliance with the Licensed Product minimal prerequisites; and/or (vii) any failures of Company’s third party hosting providers.

Support and Maintenance do not include on-site technical support, consulting (redesigning, re-architecting or reconfiguring Customer's network), support for incompatible products or third party products, training, professional services or related out-of-pocket expenses.

2. Support Hours and Channels

Standard Support is provided during regular Business Hours. Remote access to customer environment may be required for proper support upon mutual coordinate with Customer. If remote access is not available, Company will not be responsible for any delay caused to the initial response time.

Support hours are under Israel local time, Sunday through Thursday; 8:00am to 5:00pm (“Business Hours”). A request for response to a call during hours which are not Business Hours shall be subject to payment of additional fees in accordance with Company’s professional services rates.

3. Severity Levels and Expected Response Time

Customer shall promptly notify Company in detail of any Error upon its knowledge thereof.

Company will make a commercially reasonable effort to address any support call professionally. However, Company guarantees a specific response time according to the severity of the reported issue. The following table defines the severity levels and the maximum response times guaranteed by the Company support team:

Severity Level

Definition

Response Time

1

An emergency situation, in which the primary system (i.e. the system supported by Company) produces materially incorrect results, fails catastrophically or is otherwise rendered inoperable.

Up to 1 business day

2

Some elements or components of the service are inoperative resulting in loss of data, functionality or degraded performance, but where a temporary workaround is available (such as terminating the service).

Up to 3 business days

3

All other service-impacting events, which carry less significance than Severity 1 or 2.

Up to 5 business days

4

All non-service-impacting issues such as documentation or product enhancement requests, questions, etc.

Up to 5 business days

No further services or warranties are provided in respect of service levels, uptime, etc. and this Exhibit A is Customer’s sole and exclusive remedy for any service failure.

4. Availability

Company will ensure effective and efficient achievement of availability of the Service during Service Hours. Service Hours are defined as any time outside scheduled Maintenance.

Availability will be calculated on a monthly basis. It will be calculated as follows:

% Availability = (Service Hours – Scheduled Maintenance) – Service Downtime × 100

(Service Hours – Scheduled Maintenance)

The agreed % availability that is guaranteed is <99%>.

1. A Maintenance schedule has been drawn up for scheduled Maintenance. A notice for Schedule Maintenance Interruption shall be provided at least 3 days prior to the Scheduled maintenance occurrence; A notice for Emergency Maintenance Interruption shall be provided as soon as practically possible following the event which requires such interruption, and if possible at least 24 hours prior to the Scheduled maintenance occurrence. Scheduled Maintenance Interruption and Emergency Maintenance Interruption are referred to collectively as Scheduled Maintenance and shall be calculated together and in the aggregate for the purpose of determining availability.
2. Company will attempt to maximise actual availability even during the period for scheduled Maintenance. In no event shall planned downtime, be it for a major release or others, exceed six (6) hours per month, and reasonable efforts shall be made that downtime shall be made during non-Business Hours.

Exhibit B

Data Processing Agreement (DPA)

This Data Processing Agreement (“Agreement”) is incorporated by reference into the Shapes Terms of Use (“Main Agreement”) entered into on Effective Date of the Main Agreement between the party entering the Main Agreement (“Controller”) and Dream Team HR Apps Ltd. d/b/a Shapes, on behalf of itself and its affiliates (“Processor”). All defined terms contained herein shall have the same meaning as the definitions set forth in the Main Agreement.

1. Processor's Compliance. Processor shall comply with the following in respect of any and all personal data (as defined under Regulation (EU) 2016/679 (General Data Protection Regulation) and European Union (Withdrawal Agreement) Act 2020 and amended by The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2020), the standard contractual clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as amended from time to time and personal information (as defined under the California Consumer Privacy Act of 2018) (“PII”, “GDPR”, “UK GDPR”, “SCC” and “CCPA” respectively), or any other privacy and data protection laws and regulations applicable to the processing of PII under the Main Agreement.
2. Controller's Compliance. Controller's instructions for processing of PII shall comply with all applicable privacy and data protection laws, including the GDPR, CCPA, UK GDPR or any other privacy and data protection laws and regulations applicable to the processing of PII under the Main Agreement (collectively, “Applicable Law”). Controller shall have sole responsibility for the accuracy, quality and legality of PII and the means by which Controller acquired PII.
3. Details of Processing. The details of the processing activities to be carried out by Processor in respect of the Services are specified in Appendix 1.
4. Data Subjects Rights. Processor shall assist Controller, by using appropriate technical and organizational measures, in the fulfilment of Controller's obligations to respond to requests by data subjects in exercising their rights under applicable laws. In addition, Processor shall, unless otherwise required by Applicable Law, (i) immediately notify Controller of any request raised by a Data Subject with respect to PII processed under the Main Agreement and; (ii) not respond to any Data Subject request, except on a written instruction of Controller or as required by Applicable Law to which Processor is subject, while in the latter case, unless that Applicable Law prohibit so, Processor shall inform Controller of that legal requirement prior to responding to the request.
5. Confidentiality. Processor shall ensure that its personnel engaged in the processing of PII are bound by a confidentiality undertaking. In addition, Processor shall ensure that (i) access to personal data provided by Controller under the Main Agreement is strictly limited to those individuals who need to know or access the relevant PII for the purpose of the Main Agreement; (ii) it maintains a list of personnel having access to PII under the Main Agreement, review such list from time to time and delete excess credentials and present such list to Controller upon request, and (iii) all Processor’s personnel will receive periodical training on data protection and security.
6. Data Breach. Processor will immediately notify Controller after becoming aware of any suspected or actual breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, access to, or harm to the integrity of PII (“Data Breach”). Processor shall (i) provide Controller with all relevant information on such Data Breach, (ii) reasonably assist Controller in investigation, prevention and remediation of such Data Breach, and (iii) implement any corrective measures required for remediation.
7. Records. Processor will maintain up-to-date written records of its processing activities, including, inter alia, Processor's and Controller's contact details, details of data protection officers (where applicable), the categories of processing, transfers of PII across borders and the technical and organizational security measures implemented by the Processor. Upon request, Processor will provide an up-to-date copy of these records to Controller.

‍

8. Sub-Processors. Controller acknowledges and agrees that Processor may engage any of the third-party sub-processors listed in Appendix 2, which Processor may update from time to time. Processor shall notify Controller of any intended changes concerning the addition or replacement of a sub-processor, and the Controller shall be entitled to object such changes. Such sub-processors shall be bound by data protection obligations no less protective than those in this Agreement to the extent applicable to the nature of the Services provided by such sub-processor. If required for processing by any of Processor’s entities, the EU Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as amended from time to time shall also apply hereto.
9. Assistance. Processor will reasonably assist Controller, at Controller’s expense, in ensuring compliance with Controller's obligations related to the security of the processing, notification and communication of Data Breaches, conduct of data protection impact assessments and any inquiry, investigation or other request by a supervisory authority.
10. Possible Violation. Where Processor believes that an instruction would result in a violation of any applicable data protection laws, Processor shall notify the Controller thereof.
11. Information. Processor will make available to Controller, upon reasonable request, information necessary to demonstrate compliance with the obligations set forth in this Agreement.
12. Audits. Upon Controller's request, Processor shall reasonably cooperate with audits and inspections of its compliance with the requirements and obligations herein and/or under applicable law. Such audits and inspections may be conducted by any third party designated by Controller no more than once per year during Processor’s normal business hours. The performance of the audit shall be conducted subject to the confidentiality obligations in the Main Agreement and any results of the audit shall be deemed Processor’s Confidential Information.
13. Technical and Organizational Measures.
    
    1. Processor shall implement and maintain all technical and organizational measures that are required for protection of the PII and ensure a level of security that is appropriate to for dealing with and protecting against any risks to the rights and freedoms of the data subjects, and as required in order to avoid accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to PII and/or as otherwise required pursuant to Applicable Law. The measures set forth in the Security Documentation are hereby deemed as appropriate and sufficient. When complying with Section 13.2 hereof, Processor shall take into consideration the state of technological development existing at the time and the nature, scope, context and purposes of processing as well as the aforementioned risks.
    2. Processor shall regularly monitor its compliance with this Agreement and will provide Controller, upon request, with detail on those security measures adopted by Processor in connection with the provision of the Solution pursuant to the Main Agreement, as updated from time to time by the Processor (“Security Documentation”) as well as its implementation. Processor shall ensure that all persons acting under its authority or on its behalf and having access to the PII, do not process the PII except as instructed by Controller and permitted herein.
14. Transfer of PII to Third Countries.

1. Transfers to Countries that Offer Adequate Level or Data Protection. PII may be transferred from EU Member States, the three EEA member countries (Norway, Liechtenstein and Iceland) (collectively, “EEA”), Switzerland and the United Kingdom (“UK”) to countries that offer an adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the EEA, the European Union, the Member States or the European Commission, Switzerland, and/or the UK (“Adequacy Decisions”), as applicable, without any further safeguard being necessary.
2. Transfers to Other Countries. If the processing of PII by Processor includes a transfer (either directly or via onward transfer) to other countries which have not been subject to a relevant Adequacy Decision, such transfers shall be performed through an alternative recognized compliance mechanism for the lawful transfer of Personal Data, and the following shall apply:

1. If processing involves a transfer of PII from the EEA or Switzerland (“EEA Transfer”), the terms of the Standard Contractual Clauses as set forth in Appendix 3 (EEA Cross Border Transfers) shall apply;
2. If processing involves a transfer of PII from the UK (“UK Transfer”), the terms of the IDTA as set forth in Appendix 4 (UK Cross Border Transfers) shall apply.

15. Return and Deletion of PII. On the Controller's request, Processor shall return or destroy PII to the extent allowed by applicable law. Notwithstanding the foregoing, Processor may retain such PII to the extent required by applicable laws to which Processor is subject, provided that such PII retained shall be secure in accordance with the requirements of this DPA.
16. Amendments. If Processor considers that changes are required to this Agreement in order to comply with requirements of applicable laws or of a competent authority, this Agreement will be amended accordingly.

Appendix 1 - Processing Details

1. Nature, purpose and subject matter of the Processing. The nature, purpose and subject matter of the Processing is the provision of the Solution set forth in the Main Agreement and all tasks related to the above, including acting upon Controller’s instructions provided in accordance with the Main Agreement, sharing Personal Data with any third party processors, or complying with any obligation under applicable law. The Solution will provide insights in order to improve visibility on the hiring pipeline, including sources of candidates’ applications, drops in the recruitment funnel, recruiters and interviewers calibration as well as any aspect relating to HR management.
2. Duration of Processing. Processor will process Personal Data pursuant to the DPA and Main Agreement for the duration of the Main Agreement, including any period encompasses in the consequences of termination, unless otherwise agreed upon in writing.
3. Categories of Data Subjects. Employees, candidates, agents, advisors, freelancers, contractors (and any other Authorized User who is a natural person).
4. Type of Personal Data. Controller has broad discretion privilege to submit Personal Data to the Solution, the extent of which is determined and controlled by Controller in its sole discretion. This may include, inter alia: (i) contact information such as name, email address and phone numbers; (ii) professional information such as certifications, training, previous employment; (iii) health related information, such as disabilities, risk factors, etc.; (iv) personal information, including hobbies, preferences etc.; and any other information deemed by Controller as relevant to the management of its personnel’s working environment.

Appendix 2 - Sub-Processors

Controller has authorized the use of the following sub-processors:

Name

Services

Location

AWS

Elastic Beanstalk, S3, EC2, SNS, SQS, SES, RDS

East US - N. Virginia

Azure

Application Insights, Azure Data Explorer

East US

Appendix 3

SCHEDULE 4

STANDARD CONTRACTUAL CLAUSES

1. Module Two (Controller to Processor) of the Standard Contractual Clauses shall apply where the EEA Transfer is effectuated by Customer as the data controller of the Personal Data and Company is the data processor of the PII.
2. Module Three (Processor to Processor) of the Standard Contractual Clauses shall apply where the EEA Transfer is effectuated by Customer as the data processor of the Personal Data and Company is a Sub-processor of the Customer Data.
3. Clause 7 of the Standard Contractual Clauses (Docking Clause) shall apply.
4. Option 2: GENERAL WRITTEN AUTHORISATION in Clause 9 of the Standard Contractual Clauses shall apply, and the method for appointing and time period for prior notice of Sub-Processor changes shall be as set forth in Section 7 of the DPA.
5. In Clause 11 of the Standard Contractual Clauses, the optional language will not apply.
6. In Clause 17 of the Standard Contractual Clauses, Option 1 shall apply, and the Parties agree that the Standard Contractual Clauses shall be governed by the laws of the Republic of Ireland.
7. In Clause 18(b) of the Standard Contractual Clauses, disputes will be resolved before the courts of the Republic of Ireland.
8. Annex I.A of the Standard Contractual Clauses shall be completed as follows:

Data Exporter: Customer.

Contact details: As detailed in the Agreement.

Data Exporter Role:

Module Two: The Data Exporter is a data controller.

Module Three: The Data Exporter is a data processor.

Data Importer: Company.

Contact details: As detailed in the Agreement.

Data Importer Role:

Module Two: The Data Importer is a data processor.

Module Three: The Data Importer is a sub-processor.

9. Annex I.B of the Standard Contractual Clauses shall be completed as follows:

The categories of Data Subjects are described in Appendix 1 (Details of Processing) of this DPA.

The categories of Personal Data are described in Appendix 1 (Details of Processing) of this DPA.

The frequency of the transfer is a continuous basis for the duration of the Agreement.

The nature of the processing is described in Appendix 1 (Details of Processing) of this DPA.

The purpose of the processing is described in Appendix 1 (Details of Processing) of this DPA.

The period for which the PII will be retained is for the duration of the Agreement, unless agreed otherwise in the Agreement and/or the DPA.

In relation to transfers to Sub-Processors, the subject matter, nature, and duration of the processing is set forth in Appendix 1 (Details of Processing) of this DPA.

10.Annex I.C of the Standard Contractual Clauses shall be completed as follows:

The competent supervisory authority in accordance with Clause 13 is the supervisory authority in the Member State stipulated above.

11.The security measures referred to in the DPA in Section 12 of the DPA serve as Annex II of the Standard Contractual Clauses.

Appendix 4

INTERNATIONAL DATA TRANSFER ADDENDUM

Purpose. This Appendix supplements the Data Processing Agreement entered into among the Parties to govern the international transfer of Personal Data out of the United Kingdom. By signing below, the Parties agree to the terms of this Schedule.

PART 1: TABLES

TABLE 1 - Parties

Start date

The Parties

Exporters (who sends the Restricted

Transfer)

Importer (who receives the Restricted

Transfer)

Parties’ details

Full legal name: Customer Address: as set forth in the Agreement.

Official registration number:

Full legal name: Dream Team HR Apps

Ltd

Address: 14 Ahad Ha'Am Street, Tel

Aviv, Israel

Company number: 516324100

Key Contact

Name: Arnon Nir

Title: CEO

Contact details: support@shapes.co

TABLE 2 - Selected SCCs

Addendum EU SCCs

The Approved EU SCCs, including the Appendix Information and with selected modules, is detailed in Appendix 3 above, with the amended provisions set forth below, including the Appendix Information, are fully incorporated herein for purposes of this Addendum.

In Clause 17 of the Standard Contractual Clauses, Option 1 shall apply, and the Parties agree that the Standard Contractual Clauses shall be governed by the laws of England and Wales.

In Clause 18(b) of the Standard Contractual Clauses, disputes will be resolved before the courts of England and Wales.

TABLE 3 - Appendix Information

“Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:

Annex 1A

List of Parties: As described in Appendix 4 of this DPA

Annex 1B

Description of Transfer: As described in Appendix 4 of this DPA

Annex II

Technical and organisational measures including technical and organisational measures to ensure the security of the data: As described in Section 12 of the DPA.

Annex III

List of Sub Processors: As described in Appendix 2 of this DPA

TABLE 4 - Ending this Addendum

Ending this Addendum when the Approved Addendum

changes

Which Parties may end this Addendum as set out in Section 19:

Importer

PART 2: MANDATORY CLAUSES

Mandatory Clauses incorporated by this express reference:

https://ico.org.uk/media/for-or ganisations/documents/401953

9/international-data-transferaddendum.pdf

Incorporation by reference of Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and submitted to Parliament in accordance with s119A of the Data

Protection Act 2018 on 2 February 2022 and approved on 21 March 2022, as amended from time under Section 18 of those Mandatory Clauses.

‍