Exlink

Lulo Solutions LLC

Terms of Service

Version 3.0 Last Updated: January 21, 2026

THESE TERMS OF SERVICE (the “Terms of Service” or “Terms”) govern the use of Exlink, a Software as a Service (“SaaS”) platform owned by Lulo Solutions LLC, a Wyoming limited liability company (“Lulo Solutions” or the “Company”). The Exlink platform (“Exlink”) assists Clients in providing international student exchange, au pair, work & travel programs (“Exchange Services”). These Terms apply to and are legally binding on anyone that accesses or uses the Exlink software-as-a-service platform (the “Service”) at www.exlink.org.

1. Platform Overview

The Exlink software-as-a-service platform assists Clients in administering international student exchange, au pair, work & travel programs (“Exchange Services”).

2. Definitions

For the purposes of these Terms of Service, the following definitions shall apply:

(a) “Client” means an entity that has contracted with Lulo Solutions by signing a Lulo Solutions Joinder Agreement for a license to use Exlink by its authorized users.

(b) “Authorized User” means a participant designated by a Client to access and use the platform in connection with Exchange Services.

(c) “Electing Participant” means an Authorized User who opts into optional products or services offered through the platform.

3. Configuration vs. Customization

(a) “Configuration” means the implementation of a Client’s chosen standard variables as set forth in the applicable Joinder Agreement.

(b) “Customization” means modifications requiring Company to alter or create non-standard features beyond the scope of standard Configuration.

The Company shall determine, at its sole discretion, the classification of any requested modification at the time of agreement execution.

4. Non-Exclusive Services

Company may provide services to others of its clients even if such services are similar to or the same as services Company provides to Client. Nothing in these Terms shall be construed to grant Client any exclusive right to the Company’s services.

5. Agreement Binding Nature

These Terms of Service and the End User License Agreement (“EULA”) posted at exlink.org/legal are binding on all users who access the platform. Acceptance of these Terms occurs through access to or use of the platform.

6. EULA Integration

The End User License Agreement is incorporated into these Terms by reference and made a part hereof. All users, whether Client or otherwise, are bound by both these Terms of Service and the EULA.

7. Client Content Responsibility

Client retains ownership of all information entered into the platform (“Client Content”). Company is not responsible for the accuracy or suitability of such information. Upon termination of the Agreement and receipt of full payment of all outstanding amounts, Company shall assist Client in transferring Client Content to a repository designated by Client.

8. Intellectual Property Rights

Client’s Rights

Client retains all right, title, and interest in and to Client Content. Client hereby grants to Company a non-exclusive, fully paid-up, royalty-free, worldwide license to use, copy, store, transmit, and display Client Content solely for the purpose of operating and maintaining the platform.

Company’s Rights

Company is the sole and exclusive owner of Exlink and all associated intellectual property rights worldwide. Any feedback, suggestions, or recommendations provided by Client or its Authorized Users shall be deemed a voluntary contribution, and Client shall have no confidentiality claims with respect thereto. Company shall have worldwide, non-exclusive, perpetual, irrevocable, royalty-free, fully paid-up rights to use, incorporate, and otherwise exploit such feedback for any purpose.

9. Account Creation and Use Restrictions

Usage of Exlink is limited to Clients and Authorized Users for the purpose of administering Exchange Services only. Each user must create a separate account for each Client Sponsor with which they are associated. Client bears sole responsibility for the accuracy of information provided by its Authorized Users. All access rights granted under these Terms terminate immediately upon termination of the applicable License.

10. Fees and Payment Terms

Invoicing

Fees shall be determined in accordance with the specifications set forth in the applicable Joinder Agreement. Company shall invoice Client per the cadence stated therein. Payment shall be due on the date specified on the invoice or as otherwise set forth in the Agreement.

Dispute Procedures

Client must notify Company in writing of any invoice dispute within five (5) days of receipt of such invoice. Such notice must describe the basis for the dispute in reasonable detail. Client shall pay all undisputed amounts in a timely manner regardless of any pending dispute.

Late Payment Consequences

Any undisputed amounts remaining unpaid beyond five (5) days after the applicable due date shall accrue interest at a rate of 1.5% per month (18% per annum), or the maximum rate permitted by applicable law, whichever is lower. Interest shall be calculated daily on a 30-day month basis and compounded monthly.

Suspension for Non-Payment

Any invoice remaining unpaid for thirty (30) days or more after the applicable due date shall entitle Company to suspend Client’s access to the platform. Company shall provide written notice to Client prior to suspending access. Client shall reimburse Company for all reasonable collection costs, including attorney fees. Reinstatement of access may require completion of reactivation steps as determined by Company.

11. Third-Party Integrations

The platform integrates with the following third-party services:

  • U.S. Department of State API (immigration documents)
  • Criminal background check providers
  • Insurance provider APIs
  • Zapier (third-party application connections)

Company makes no warranties or representations regarding the functionality, accuracy, or availability of any third-party integrations. Client acknowledges that such integrations are subject to the terms and conditions of the applicable third-party providers.

12. Service Level Agreement

Service Availability Commitment

Company commits to maintaining 99.5% Service Availability during each calendar month, excluding periods of Scheduled Maintenance and Force Majeure events.

Definitions

(a) “Service Availability” means the ability to access and use Exlink as intended in accordance with its documentation.

(b) “Downtime” means any period during which Exlink is unavailable or non-functional, excluding periods of Scheduled Maintenance and Force Majeure events.

(c) “Scheduled Maintenance” means planned updates or maintenance activities that may cause temporary unavailability of the platform.

Service Credits

In the event that Service Availability falls below the 99.5% commitment, Client shall be entitled to a service credit equal to 5% of the applicable monthly fee for each full percentage point below 99.5%, up to a maximum credit of 100% of the monthly fee. Service Credits shall be applied to future Monthly Fees and shall not be refunded in cash. Client must submit a claim for Service Credits within thirty (30) days of the end of the applicable calendar month. Company shall review and apply approved credits within thirty (30) days of receipt of such claim.

Maintenance Notice

Company shall provide at least forty-eight (48) hours advance notice of Scheduled Maintenance via email or the platform. Periods of Scheduled Maintenance shall be excluded from the Downtime calculation.

Support Services

Support is available Monday through Friday, 9:00 AM to 5:00 PM Eastern Time, excluding U.S. holidays. Company targets an initial response within twenty-four (24) hours during business hours. Resolution times depend on the complexity and severity of the reported issue.

Client Responsibilities

Client shall maintain a compatible device, operating system, and internet connection sufficient for use of the platform. Client shall implement reasonable security measures to protect user credentials. Client shall promptly notify Company of any issues affecting use of the platform and shall provide reasonable cooperation and information necessary for troubleshooting.

Exclusions

The Service Level Agreement excludes any issues arising from Client’s failure to meet its responsibilities as set forth herein, or from external factors beyond the reasonable control of Company.

Liability Limitation

Company’s sole and exclusive liability for any failure to meet the Service Availability commitment shall be limited to the Service Credits described in this Section. In no event shall Company be liable for any indirect, special, incidental, consequential, or punitive damages arising from or related to Service Availability.

13. Termination Rights

Either party may terminate this Agreement for any reason or no reason upon ninety (90) days advance written notice to the other party. In the event of a material breach by either party, the non-breaching party may terminate this Agreement upon thirty (30) days written notice, provided that the breaching party fails to cure such breach within the thirty-day notice period. Client’s payment obligations for all fees accrued prior to the effective date of termination shall survive termination.

14. Privacy Policy

Personal Information Collection

Information collected through the platform includes, but is not limited to: name, address, email address, telephone number, date of birth, gender, government-issued identification (such as social security number, passport, and visa), other immigration-related information, and medical, health, and insurance information.

Uses of Personal Information

The Company uses Personal Information collected through the platform for the following purposes: to provide and maintain the platform; to facilitate Exchange Services on behalf of Clients; to communicate with Clients and Authorized Users regarding platform functionality and account management; to communicate Elective Product and Service offers to eligible users; to comply with applicable regulatory requirements; and to improve and enhance Exlink.

Data Sharing

Company may share Personal Information with the following categories of recipients: individuals who have provided their consent; service providers and contractors engaged by Company to support platform operations; third-party integrations as described in Section 11; governmental authorities and legal requirement responders as required by applicable law; and parties involved in safety and fraud protection contexts where disclosure is necessary to protect the rights, property, or safety of Company, its Clients, or others.

Data Transfers

Each User consents to the transfer of its Personal Information to the United States and other countries, which may have different data protection laws than the User’s country of residence.

User Access Rights

Users may access, correct, update, or delete their Personal Information stored in Exlink by contacting the designated contact via email.

15. Security Policy

Data Protection Standards

Company uses commercially reasonable organizational and technical measures to protect Client Data, including: limitation of access on a need-to-know basis; multi-factor authentication for administrative access; individually assigned SSH keys for external engineers; and prohibition on storage of Client Data on unauthorized portable devices.

Data Encryption

Strong encryption technologies protect Client Data both in transport and at rest, including but not limited to AES 256-bit encryption.

Network, Physical, and Environmental Controls

Company maintains network, physical, and environmental controls that include security patch assessment and testing, privileged access monitoring, VPN and encrypted connection requirements for remote access, and adherence to industry best practices for information security.

Security Limitations

No method of data transmission over the Internet and no electronic storage mechanism is completely secure. While Company employs commercially reasonable measures, Company cannot guarantee absolute security of Client Data.

User Account Security

Users are responsible for maintaining the confidentiality of their account credentials and must notify Company immediately at the designated security contact of any suspected unauthorized access to their account.

Data Retention

Company retains Client Data for as long as necessary to enable Exlink to support Exchange Services and to comply with applicable legal, regulatory, or contractual requirements.

AWS Infrastructure

The platform operates on Amazon Web Services (“AWS”) infrastructure, protected by Amazon’s security and environmental controls. Client Data is encrypted using AES-256 encryption both in transit and at rest. AWS does not have access to unencrypted Client Data.

Security Assessments

Company conducts regular penetration testing performed by independent third-party security experts, including both black-box automated and manual testing methodologies. High-level summaries of assessment results are available to Clients upon request.

Incident Response

Upon discovery of any unauthorized access to Client Data, Company shall take reasonable measures immediately to investigate and contain the incident. Company shall notify the Client’s designated security contact within twenty-four (24) hours of confirming such unauthorized access. Such notice shall include: the extent of exposure, a description of the incident, the timeline of events, the scope of affected data, and the response measures taken or planned.

Business Continuity

Company maintains a business continuity and disaster recovery plan and maintains reasonable processes to ensure failover redundancy with respect to systems, networks, and data storage.

Personnel Management

Company conducts employment verification for all new hires who will have access to Client Data. All such personnel receive training on their confidentiality obligations. Company continuously monitors employee activity within the production environment and immediately disables access upon termination of employment.

Secure Software Development

Company implements software development practices that are designed to reasonably protect Exlink software from tampering and unauthorized access, minimize security vulnerabilities in each release, and provide timely responses to address identified vulnerabilities.

16. Restrictive Covenants

Confidential Information Definition

“Confidential Information” means trade secrets or non-public information, including but not limited to: source code or object code, software designs, operating policies and procedures, prices, terms and conditions, business plans, marketing or sales plans or strategies, identities of customers and their needs and requirements, employee and personnel information, internal reports, and financial information.

Exclusions from Confidentiality

Information shall not be deemed Confidential Information if:

(a) it becomes publicly available without any action or fault of the receiving party;

(b) the receiving party possessed it prior to disclosure without any restriction on use or disclosure;

(c) it was rightfully obtained from an unrestricted third-party source;

(d) it was independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information;

(e) disclosure is required by law, provided the receiving party uses reasonable efforts to provide prior notice to the disclosing party; or

(f) it is disclosed with the prior written consent of the disclosing party.

Non-Disclosure Period

Recipients shall exercise at least the same level of care in protecting the disclosing party’s Confidential Information as it exercises in protecting its own Confidential Information of like kind. Recipients shall not disclose Confidential Information during or after the term of this Agreement except to parties with a legitimate need to know. Recipients shall not use Confidential Information for any purpose without the prior written consent of the disclosing party.

Conflict Resolution

In the event of a conflict between the Privacy Policy and the confidentiality or security provisions of these Terms, the Privacy Policy shall control.

Material Return

Upon termination of this Agreement or upon written request of the disclosing party, the receiving party shall return to the disclosing party all originals and copies of records, reports, documents, lists, plans, memoranda, notes, and other documentation containing or reflecting Confidential Information.

Non-Solicitation

During the term of this Agreement and for a period of twelve (12) months following termination (the “Restricted Period”), Client shall not hire, solicit, or encourage any employee, consultant, or contractor of Company to leave Company’s engagement, nor shall Client hire any person who has left Company’s employment within the preceding one (1) year.

Non-Disparagement

During the Restricted Period, Client shall not criticize, ridicule, or make any statement which disparages or is derogatory of the Company, its products, services, officers, employees, or affiliates.

Reasonableness Clause

The parties agree that the restrictive covenants set forth in this Section are reasonable in scope, duration, and geographic reach given the nature of the parties’ business relationship. In the event that a court of competent jurisdiction determines any restriction to be unreasonable, the court may reduce the scope of such restriction to the maximum extent enforceable under applicable law.

Remedies

In the event of a breach or threatened breach of any restrictive covenant set forth in this Section, the non-breaching party shall be entitled to seek injunctive relief in addition to any other remedies available at law or in equity, the parties acknowledging that monetary damages alone would be inadequate to compensate for such breach.

17. GDPR Data Protection

Applicability

This Section applies to any transactions involving citizens or residents of the European Union where Personal Data is transferred from the EU to the United States. In the event of a conflict between this Section and any other provision of this Agreement, the provisions of this Section shall be construed to conform to the requirements of the General Data Protection Regulation (“GDPR”).

Hierarchy

These Clauses shall prevail in the event of any contradiction with related agreements between the parties.

Data Protection Safeguards

The Data Exporter warrants that it has used reasonable efforts to determine that the Data Importer is able to satisfy its obligations under these Clauses through the implementation of appropriate technical and organizational measures.

Purpose Limitation

The Data Importer shall process the Personal Data only for the specific purpose(s) of the transfer, as set out in this Agreement. The Data Importer shall not process Personal Data for any other purpose without the prior written consent of the Data Exporter.

Transparency

The parties may redact confidential information from documentation provided under these Clauses, provided that meaningful summaries are made available in place of any redacted materials.

Accuracy and Minimization

The Data Importer shall notify the Data Exporter without undue delay of any inaccuracy in the Personal Data of which it becomes aware. The parties shall cooperate in good faith with respect to the erasure or rectification of inaccurate Personal Data.

Storage Limitation

Upon termination or expiration of the services, the Data Importer shall delete all Personal Data processed on behalf of the Data Exporter and shall certify such deletion in writing, or, at the Data Exporter’s election, return such data to the Data Exporter. If local laws prohibit deletion, the Data Importer shall continue to comply with these Clauses with respect to such data.

Security of Processing

The parties shall implement appropriate technical and organizational measures to ensure the security of Personal Data. In assessing the appropriate level of security, the parties shall take into account the state of the art, the costs of implementation, the nature, scope, context, and purpose of processing, and the risks involved. The parties shall consider encryption or pseudonymization where appropriate. The parties shall conduct regular assessments to ensure continued adequacy of security measures. All authorized personnel shall maintain the confidentiality of Personal Data. In the event of a security incident, the parties shall implement appropriate mitigation measures. The Data Importer shall notify the Data Exporter of any Personal Data breach without undue delay, including all relevant details.

Sensitive Data

Special restrictions and additional safeguards apply to the processing of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, data concerning sexual orientation, and data relating to criminal convictions and offenses.

Onward Transfers

Personal Data shall only be disclosed to third parties in accordance with documented instructions from the Data Exporter and only to third parties that are bound by contractual obligations equivalent to the GDPR Clauses set forth herein.

Documentation and Compliance

The Data Importer shall maintain documentation of all processing activities carried out on behalf of the Data Exporter. The Data Importer shall make available to the Data Exporter all information necessary to demonstrate compliance with the obligations set forth in these GDPR Clauses. The Data Importer shall allow and contribute to audits conducted by the Data Exporter or an auditor mandated by the Data Exporter at reasonable intervals or upon indication of non-compliance. Relevant certifications held by the Data Importer may be considered in assessing compliance. Audits may include inspections of the Data Importer’s premises with reasonable prior notice.

Sub-Processor Management

The Data Exporter grants general authorization for the engagement of sub-processors from an agreed-upon list. The Data Importer shall provide at least seven (7) days advance notice of any changes to the list of sub-processors. All sub-processor contracts shall include data protection obligations equivalent to those set forth in these Clauses. The Data Importer remains fully responsible for the performance of its sub-processors. In the event of the Data Importer’s dissolution, the Data Exporter shall have third-party beneficiary rights under the sub-processor contracts.

Data Subject Rights

The Data Importer shall promptly notify the Data Exporter of any request received directly from a data subject and shall not respond to such request independently unless authorized by the Data Exporter. The Data Importer shall assist the Data Exporter in fulfilling its obligations to respond to data subject rights requests under the GDPR. The Data Importer shall comply with the Data Exporter’s instructions regarding the handling of such requests.

Redress Mechanisms

The Data Importer shall maintain a transparent contact point for data subject complaints. All complaints shall be handled promptly and in good faith. Data subjects retain the right to lodge complaints with the applicable supervisory authority or to bring court proceedings. Non-profit representation is permitted in accordance with Article 80 of the GDPR.

Liability Framework

Both parties shall be liable for breaches of the obligations set forth in these GDPR Clauses. The Data Importer shall be liable to data subjects for material and non-material damages resulting from breaches of these Clauses. The Data Exporter may be liable if the Data Importer breaches third-party beneficiary rights. Where multiple parties are responsible for the same damage, the parties shall be jointly and severally liable. A liable party may seek contribution from any other party responsible for the damage in proportion to such party’s share of responsibility.

Supervision

The supervisory authority of the EU Member State in which the Data Exporter is established shall oversee compliance with these Clauses. The Data Importer submits to the jurisdiction of such supervisory authority. The Data Importer shall cooperate with the supervisory authority in all compliance procedures and shall respond to inquiries from such authority.

Local Laws and Practices

The parties warrant that they have no reason to believe that the laws and practices in the destination country applicable to the processing of Personal Data prevent the Data Importer from fulfilling its obligations under these Clauses. Laws that respect the essence of fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society shall not be considered to contradict these Clauses. The parties shall assess the specific circumstances of the transfer, including the transmission channels used, the type of recipient, the intended purpose, and the categories of data transferred. Such assessment shall include consideration of the laws of the destination country, including any requirements for disclosure to public authorities. All assessment documentation shall be made available to the supervisory authority upon request.

Notification of Compliance Issues

The Data Importer shall promptly notify the Data Exporter if it becomes subject to laws or practices that are inconsistent with the requirements of these Clauses or that would prevent it from fulfilling its obligations hereunder.

Remediation and Suspension

The Data Exporter may suspend transfers or terminate the contract in the event of Data Importer non-compliance with these Clauses. Either party may revoke these GDPR Clauses if the European Commission adopts an adequacy decision covering the destination country or if the GDPR otherwise becomes applicable in the destination country by operation of law.

Dispute Resolution

Disputes arising under these GDPR Clauses shall be resolved in the courts of the EU Member State in which the Data Exporter is established. Data subjects may bring proceedings in the courts of their habitual place of residence.

Public Authority Access

Notification Obligations

The Data Importer shall promptly notify the Data Exporter of any legally binding request for disclosure of Personal Data received from a public authority, including the identity of the requesting authority, the legal basis for the request, and the response provided. The Data Importer shall also notify the Data Exporter if it becomes aware of any direct access to Personal Data by a public authority.

Notification Limitations

If the Data Importer is prohibited from notifying the Data Exporter of a disclosure request, it shall use best efforts to obtain a waiver of such prohibition. The Data Importer shall document all efforts made to obtain such waiver.

Legality Review

The Data Importer shall review the legality of each disclosure request and shall challenge any request that it reasonably believes to be unlawful. The Data Importer shall pursue all available appeals under the same conditions. The Data Importer shall seek interim measures suspending the effects of any such request pending judicial review. The Data Importer shall not disclose the requested Personal Data until procedurally required to do so.

Documentation

The Data Importer shall document its legal assessment and any challenges made with respect to disclosure requests. Such documentation shall be made available to the Data Exporter and the supervisory authority to the extent permissible under applicable law.

Minimization

The Data Importer shall provide the minimum amount of information permissible in responding to a disclosure request, based on a reasonable interpretation of the request.

Non-Compliance and Termination

The Data Importer shall promptly inform the Data Exporter of any inability to comply with these GDPR Clauses. The Data Exporter shall suspend transfers until compliance is restored or the contract is terminated. The Data Exporter may terminate the GDPR Clauses if: the suspension persists beyond a reasonable period of time, or one (1) month, whichever is shorter; the Data Importer is in substantial or persistent breach; or a binding decision of a court or supervisory authority establishes non-compliance. Upon termination, all Personal Data shall be returned to the Data Exporter or deleted, at the Data Exporter’s election, and the Data Importer shall certify any such deletion. The Data Importer shall continue to comply with these Clauses until all data is deleted or returned, and shall continue to comply with local law restrictions applicable to retained data.

Agreement Revocation

Either party may revoke these GDPR Clauses upon the European Commission’s adoption of an adequacy decision covering the destination country or upon the GDPR becoming applicable in the destination country by operation of law.

18. CCPA Data Protection

As of the last update of these Terms, Lulo Solutions and Exlink are not subject to either the California Consumer Protection Act (“CCPA”) or the California Consumer Rights Act (“CCRA”). The Company will update these Terms in the event that such laws become applicable to its operations.

19. Elective Product/Service Offers

Communication Rights

Company may send informational or promotional communications regarding Elective Products and Services from third-party vendors to Authorized Users, provided that such vendors maintain current CSIET certification (or equivalent) and do not directly compete with Client’s offerings.

Delivery and Data Use

All such communications shall be delivered exclusively by Company through email, website, SMS, or similar channels. No Personal Information of Authorized Users shall be disclosed to any third-party vendor without separate written consent from the applicable user.

Competitive Safeguard

Company shall not knowingly distribute offers from vendors that directly compete with Client’s offerings. Client may object in writing to any specific campaign, and Company shall review such objection in good faith and may suspend the campaign at its discretion.

Disclaimer and Independence

Company does not endorse, warrant, or assume responsibility for any third-party products or services promoted through Elective Product/Service communications. All transactions arising from such communications are solely between the Client or Authorized User and the applicable third-party vendor.

Consideration

Company may receive referral fees or other consideration from third-party vendors in connection with Elective Product/Service communications.

Regulatory Compliance

All Third-Party Offers shall comply with applicable laws and regulations, including the CAN-SPAM Act, the EU e-Privacy Directive and GDPR, and applicable rules governing marketing communications directed at minors.

White-Label Exemption

White-Label Tenants (i.e., Clients operating under Client-branded platform instances exclusively) shall not receive Elective Product/Service communications without prior written consent (email being sufficient for this purpose). Such consent is revocable at any time.

20. Warranty Disclaimer

EXLINK, EXCHANGE SERVICES, AND ANY OTHER SERVICES OF THE COMPANY ARE PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

Company does NOT warrant that the services will be error-free, uninterrupted, or secure, or that defects or errors will be corrected.

21. Limitation of Liability

Excluded Damages

In no event shall Company be liable for any indirect, special, incidental, consequential, or punitive damages, including but not limited to lost profits or lost data, arising from or related to this Agreement, the Terms of Service, the EULA, or the use of Exlink, even if Company has been advised of the possibility of such damages.

Liability Cap

Company’s total aggregate liability under or in connection with this Agreement shall not exceed the total amount of fees actually paid by the complaining individual or entity to Company during the twelve (12) consecutive month period immediately preceding the event giving rise to such liability.

22. Indemnification

Client shall indemnify, protect, defend, and hold harmless Lulo Solutions, its owners, members, managers, officers, employees, independent contractors, and affiliates from and against any and all pending or threatened claims, damages, liabilities, causes of action, costs, and expenses (including reasonable attorney fees) arising out of or in connection with any breach of Client’s obligations under this Agreement.

23. Waiver

No waiver of any provision of this Agreement shall constitute a waiver of any other provision. No waiver shall constitute a continuing waiver. No waiver shall be binding unless executed in writing by the party granting such waiver.

24. Assignment

Neither Client nor any Authorized User may assign any rights or obligations under this Agreement without the express prior written consent of the Company. All provisions of this Agreement shall be binding upon and inure to the benefit of the parties’ respective successors and permitted assigns. Client is responsible for ensuring that this Agreement binds its personnel and partners to the extent applicable. All provisions that by their nature should survive termination shall survive and remain in full force and effect following termination of this Agreement.

25. Default

In the event of default by either party, the defaulting party shall reimburse the non-defaulting party for all costs and expenses reasonably incurred in connection with such default, including without limitation, reasonable attorney’s fees. In any enforcement action arising under this Agreement, the prevailing party shall be entitled to recover its reasonable costs and fees from the non-prevailing party.

26. Force Majeure

Relief from Obligations

Neither party shall be deemed in breach of this Agreement to the extent that performance of its obligations is prevented or delayed by a Force Majeure event that was unforeseeable at the time of execution and that the affected party cannot prevent, avoid, or remove by the exercise of reasonable diligence.

Defined Events

“Force Majeure” includes, but is not limited to: fire, earthquake, or other natural disasters or acts of God; explosion; acts of war (whether declared or undeclared); terrorism; insurrection; pandemic; epidemic; or any legal prohibition. Plant or equipment breakdown and unavailability of funds shall not constitute Force Majeure events unless directly caused by a Force Majeure event as defined herein.

Notice and Relief

The party asserting Force Majeure shall provide notice to the other party upon first foresight or knowledge of such event. Performance obligations shall be suspended for the duration of the Force Majeure event.

Termination

If the effects of a Force Majeure event persist for a period of at least one hundred twenty (120) days, either party may terminate this Agreement upon fifteen (15) days written notice to the other party.

27. Governing Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of the State of Wyoming, without regard to its conflicts of law principles. Any disputes arising under or in connection with this Agreement shall be litigated in any court of competent jurisdiction in Sheridan County, Wyoming, or in any State or Federal court having jurisdiction therein. Client hereby consents to the personal jurisdiction and venue of such courts.

28. Headings

The headings used in this Agreement are for convenience of reference only and shall not affect the interpretation or construction of any provision hereof.

29. Severability

If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction, this Agreement shall be construed without regard to such provision, and all remaining provisions shall continue in full force and effect.

30. Dispute Resolution and Binding Arbitration

Filing Procedure

Any party seeking arbitration shall deliver a written demand to the other party or parties and file such demand with the American Arbitration Association (“AAA”) at its Manhattan, New York office. The demanding party shall assert all known claims in its initial demand.

Statute of Limitations

A demand for arbitration must be filed no later than the date on which legal or equitable proceedings based on the same claims would be barred by the applicable New York statute of limitations.

Award Finality

The award rendered by the arbitrator shall be final and binding upon the parties, and judgment may be entered upon such award in any court of competent jurisdiction in accordance with applicable law.

Fee Allocation

Arbitration filing fees and the fees of the arbitrator shall be allocated as determined in good faith by the arbitrator.

Attorney Fees

The substantially successful party or parties shall be entitled to recover its reasonable attorney fees and costs from the other party, as determined by the arbitrator in its sole discretion.

Continued Operations

The parties shall continue to operate in compliance with this Agreement during the pendency of any dispute resolution proceeding.

31. Merger and Amendment

These Terms of Service, the Joinder Agreement, and the End User License Agreement constitute the complete and exclusive agreement between the parties with respect to the subject matter hereof. Any amendment to the Joinder Agreement shall require the written signature of both parties. Amendments to these Terms of Service and the EULA may be made by Company by posting the amended versions at exlink.org/legal.

THE TERMS OF SERVICE AND THE END USER LICENSE AGREEMENT ARE BINDING UPON ANY CLIENT OR USER THAT ACCESSES OR USES EXLINK. BY SUCH ACCESS OR USE, EACH CLIENT AND USER AGREES TO BE BOUND BY THE TERMS AND CONDITIONS SET FORTH HEREIN.

Security Contact: security@exlink.org Support Hours: Monday—Friday, 9:00 AM — 5:00 PM ET (excluding U.S. holidays)