Enterprise Readiness

# Assist Mi Legal Third-Party Integration Terms Version 1.0 Effective Date: ___________ ## 1. Purpose These Third-Party Integration Terms ("Integration Terms") govern the use of external services connected to Assist Mi Legal. These terms supplement the: Terms of Service User Agreement AI Use Policy Email Assistant Terms By connecting a third-party service, Customer agrees to these Integration Terms. ## 2. Connected Services Assist Mi Legal may support integration with third-party platforms including, but not limited to: Microsoft 365 Google Workspace Outlook Gmail Microsoft Teams SharePoint OneDrive Google Drive Dropbox Box QuickBooks Clio Zoom RingCentral OpenPhone DocuSign Adobe Sign and future third-party services. These services are collectively referred to as "Connected Services." ## 3. Authorization By connecting a Connected Service, Customer authorizes Assist Mi Legal to: Access authorized data Synchronize authorized records Import information Export information Update information Create records Execute approved workflows within the scope of permissions granted by Customer. ## 4. User Responsibility Customer is responsible for: Reviewing requested permissions Understanding permission scopes Managing connected accounts Managing user access Revoking access when appropriate Customer should only connect services for which it possesses appropriate authority. ## 5. Permission Scopes Connected Services may provide access to: Email Calendars Contacts Documents Matters Billing records Financial records Communication records Assist Mi Legal accesses only information authorized by Customer and supported by the integration. ## 6. Synchronization Activities Connected Services may be used to: Import documents Export documents Synchronize contacts Synchronize calendar items Synchronize matters Synchronize billing records Publish updates Execute workflows Synchronization may be manual, scheduled, or event-driven. ## 7. Third-Party Terms Customer acknowledges that Connected Services are governed by separate agreements between Customer and the third-party provider. Customer remains responsible for complying with: Microsoft terms Google terms Clio terms QuickBooks terms Other applicable provider terms Nothing in this Agreement modifies Customer's obligations to those providers. ## 8. Third-Party Availability Assist Mi Legal does not control Connected Services. Company is not responsible for: Service outages API changes Permission changes Rate limits Provider restrictions Data access limitations Service discontinuations Third-party providers may change functionality without notice. ## 9. Data Accuracy Data synchronized through Connected Services may be: Delayed Incomplete Duplicated Modified Unavailable Customer is responsible for verifying information before relying upon it. ## 10. Connected Service Security Customer is responsible for: Securing connected accounts Managing credentials Managing administrator permissions Monitoring connected applications Compromise of a Connected Service may impact platform functionality. ## 11. Revocation of Access Customer may revoke integration access at any time through: Connected application settings Third-party provider settings Administrative controls Revocation may disable associated functionality. ## 12. Workflow Automation Connected Services may participate in automated workflows. Examples include: Matter creation Calendar synchronization Email processing Document publishing Billing activities Reporting Customer remains responsible for reviewing and approving workflow configurations. ## 13. AI-Assisted Processing Connected Service data may be used by platform features, including AI-powered functionality, to: Organize information Generate summaries Draft communications Suggest actions Create workflows Such use remains subject to the AI Use Policy. ## 14. Confidential Information Customer is responsible for determining whether information synchronized through Connected Services may appropriately be processed through the platform. Nothing in these Integration Terms constitutes legal advice regarding confidentiality, privilege, privacy obligations, or regulatory compliance. ## 15. Compliance Responsibilities Customer remains responsible for: Regulatory compliance Ethical obligations Privacy obligations Data retention requirements Recordkeeping obligations Assist Mi Legal does not guarantee compliance with any particular regulatory framework. ## 16. Suspension Assist Mi Legal may suspend or disable integrations when necessary to: Protect platform security Respond to abuse Comply with provider requirements Address technical issues ## 17. Limitation of Liability Assist Mi Legal is not responsible for damages arising from: Third-party outages API failures Synchronization failures Provider policy changes Provider security incidents Provider service interruptions Customer assumes responsibility for supervising integration usage. ## 18. Acceptance By connecting a third-party service, Customer acknowledges and agrees that: 1. Assist Mi Legal may access authorized data. 2. Synchronization activities may occur. 3. Third-party services are governed by separate agreements. 4. Third-party outages may impact functionality. 5. Customer remains responsible for reviewing synchronized information. 6. Customer remains responsible for compliance obligations. I have read and agree to the Assist Mi Legal Third-Party Integration Terms.

# Assist Mi Legal Enterprise Master Services Agreement Version 1.0 Effective Date: ___________ This Master Services Agreement ("Agreement" or "MSA") is entered into between Assist Mi Legal ("Provider") and the customer identified in the applicable Order Form ("Customer"). This Agreement governs Customer's access to and use of the Services. ## 1. Scope This Agreement establishes the terms under which Provider will deliver software and related services to Customer. Services may include: Matter management Email management AI assistant services Document management Workflow automation Reporting Time tracking Billing support Integrations Related functionality Specific services purchased by Customer are identified in the applicable Order Form. ## 2. Order Forms Services are purchased through one or more Order Forms. Each Order Form shall specify: Subscription term Licensed users Service tier Pricing Included services Special terms Each executed Order Form becomes part of this Agreement. ## 3. License Grant Subject to compliance with this Agreement and payment of applicable fees, Provider grants Customer a limited, non-exclusive, non-transferable right to access and use the Services during the applicable subscription term. All rights not expressly granted are reserved. ## 4. Customer Data Customer retains ownership of Customer Data. Provider acquires no ownership rights in Customer Data. Customer grants Provider the limited rights necessary to: Host data Process data Deliver services Perform support Operate integrations Deliver AI-powered functionality ## 5. Acceptable Use Customer shall not: Violate applicable law Circumvent security controls Interfere with platform operations Reverse engineer the Services except as permitted by law Use the Services for unlawful purposes Customer is responsible for activity performed under its accounts. ## 6. Professional Responsibility Provider provides technology services only. Provider does not: Practice law Provide legal advice Establish attorney-client relationships Render professional legal opinions Attorneys remain responsible for all professional obligations. ## 7. AI Services Services may include AI-powered functionality. Customer acknowledges: AI output may be inaccurate. Human review is required. AI functionality does not replace professional judgment. AI functionality is additionally governed by the AI Use Policy. ## 8. Email Assistant Services Customer may enable Email Assistant functionality. Email Assistant functionality is governed by the Email Assistant Terms. Customer remains responsible for supervision of communications and workflows. ## 9. Security Provider shall maintain a security program designed to protect Customer Data. Security practices are described in the Security Addendum. Provider may modify security controls provided that overall security objectives are maintained. ## 10. Privacy and Data Processing Processing of Personal Data shall be governed by: This Agreement The Data Processing Addendum Applicable law The DPA is incorporated by reference into this Agreement. ## 11. Confidentiality Each party agrees to protect Confidential Information using reasonable care. Confidential Information shall be used only: To perform obligations To exercise rights under this Agreement Confidential Information excludes information that: Is publicly available Was already known Is independently developed Is lawfully received from another source ## 12. Fees and Payment Customer shall pay fees specified in applicable Order Forms. Unless otherwise stated: Fees are due in advance. Fees are non-refundable. Taxes are Customer's responsibility. Late payments may result in suspension. ## 13. Subscription Term Subscriptions continue for the period identified in the applicable Order Form. Renewal terms may be specified in the Order Form. ## 14. Support Provider shall provide support according to the support level associated with Customer's subscription. Support levels may be described in: Service descriptions Support exhibits Order Forms ## 15. Availability Provider will use commercially reasonable efforts to maintain availability of the Services. Provider does not guarantee uninterrupted operation. Maintenance, outages, third-party failures, and security events may affect availability. ## 16. Warranties Provider warrants that Services will be provided in a professional and workmanlike manner. Except as expressly stated, Services are provided "as-is." All implied warranties are disclaimed to the maximum extent permitted by law. ## 17. Intellectual Property Provider retains all ownership rights in: Software Documentation Workflows Interfaces Platform enhancements Service improvements Customer retains ownership of Customer Data. ## 18. Feedback Customer may provide feedback regarding the Services. Provider may use feedback without restriction or compensation. ## 19. Indemnification by Customer Customer shall defend and indemnify Provider against claims arising from: Customer Data Customer misuse Violation of law Violation of professional obligations ## 20. Indemnification by Provider Provider shall defend Customer against third-party claims alleging that the Services infringe valid intellectual property rights. Provider may: Modify Services Obtain rights Replace functionality to resolve such claims. ## 21. Limitation of Liability To the maximum extent permitted by law: Neither party shall be liable for: Indirect damages Consequential damages Special damages Lost profits Lost revenue Provider's aggregate liability shall not exceed fees paid by Customer during the twelve months preceding the claim. Certain limitations may not apply where prohibited by law. ## 22. Suspension Provider may suspend Services when reasonably necessary to: Protect security Prevent abuse Comply with legal obligations Address operational risks ## 23. Termination Either party may terminate this Agreement for material breach if the breach remains uncured following reasonable notice. Upon termination: Access may cease. Data export procedures may apply. Payment obligations survive where applicable. ## 24. Return and Deletion of Data Following termination, Customer may request export of Customer Data. Provider may delete Customer Data after a commercially reasonable retention period, subject to legal obligations. ## 25. Audit Rights Where required by applicable agreements, Provider may provide reasonable information regarding security and compliance practices. Audits shall be reasonable in scope and frequency. ## 26. Force Majeure Neither party shall be liable for failure to perform due to events beyond reasonable control, including: Natural disasters Internet failures Government actions Labor disruptions Utility interruptions ## 27. Governing Law This Agreement shall be governed by the laws of the State of California, excluding conflict of law principles, unless otherwise specified in an Order Form. ## 28. Dispute Resolution The parties agree to attempt good-faith resolution of disputes before pursuing litigation. Additional dispute resolution procedures may be specified in an Order Form. ## 29. Entire Agreement This Agreement, together with all incorporated exhibits and Order Forms, constitutes the entire agreement between the parties. ## 30. Order of Precedence In the event of conflict: 1. Executed Order Form 2. Master Services Agreement 3. Data Processing Addendum 4. Security Addendum 5. Email Assistant Terms 6. AI Use Policy 7. Other incorporated policies ## 31. Acceptance Execution of an Order Form or use of Enterprise Services constitutes acceptance of this Agreement.

# Assist Mi Legal Data Processing Addendum Version 1.0 Effective Date: ___________ This Data Processing Addendum ("DPA") forms part of the Assist Mi Legal Terms of Service, Enterprise Agreement, or other governing agreement between Customer and Assist Mi Legal. This DPA applies whenever Assist Mi Legal processes Personal Data on behalf of Customer. ## 1. Definitions Customer The organization subscribing to the Services. Controller The entity that determines the purposes and means of processing Personal Data. Processor The entity processing Personal Data on behalf of a Controller. Personal Data Information relating to an identified or identifiable individual. Processing Any operation performed on Personal Data, including collection, storage, organization, retrieval, disclosure, transmission, deletion, or destruction. Subprocessor A third party engaged by Assist Mi Legal to support delivery of the Services. ## 2. Roles Customer acts as Controller of Personal Data submitted to the Services. Assist Mi Legal acts as Processor of such Personal Data. Assist Mi Legal will process Personal Data only: To provide the Services To comply with documented Customer instructions To satisfy legal obligations ## 3. Processing Activities Processing may include: Storage Retrieval Search Organization Workflow automation AI-assisted processing Reporting Synchronization Security monitoring Processing is limited to activities reasonably necessary to provide the Services. ## 4. Customer Instructions Customer instructs Assist Mi Legal to process Personal Data as necessary to: Deliver Services Maintain Services Support integrations Perform authorized workflows Deliver AI-powered functionality Additional documented instructions may be provided by Customer. ## 5. Confidentiality Assist Mi Legal shall ensure that personnel authorized to process Personal Data are subject to appropriate confidentiality obligations. ## 6. Security Measures Assist Mi Legal shall maintain commercially reasonable administrative, technical, and organizational safeguards designed to protect Personal Data. Examples may include: Access controls Authentication controls Encryption in transit Encryption at rest where applicable Audit logging Monitoring Backup procedures Security review processes No system can guarantee absolute security. ## 7. Subprocessors Customer authorizes Assist Mi Legal to engage Subprocessors as reasonably necessary to provide Services. Subprocessors may include providers supporting: Cloud hosting Authentication Email delivery Monitoring Infrastructure AI processing Customer support Assist Mi Legal shall maintain responsibility for Subprocessor compliance consistent with this DPA. ## 8. AI Service Providers Customer acknowledges that AI-powered functionality may utilize third-party AI providers. Such providers may process Customer data solely to provide requested functionality. Use of AI functionality remains subject to: Terms of Service AI Use Policy Applicable agreements ## 9. International Transfers Customer acknowledges that Personal Data may be processed in jurisdictions where Assist Mi Legal or its service providers operate. Assist Mi Legal shall take commercially reasonable measures to support lawful transfers where required. ## 10. Security Incidents Assist Mi Legal shall notify Customer without unreasonable delay upon becoming aware of a confirmed Security Incident affecting Personal Data processed on behalf of Customer. Notification may include: Nature of incident Categories of affected information Known impact Mitigation efforts Recommended actions Notification does not constitute an admission of fault or liability. ## 11. Assistance Where reasonably feasible, Assist Mi Legal will provide information necessary to assist Customer in responding to: Access requests Deletion requests Correction requests Applicable privacy obligations ## 12. Audits Customer may request reasonable information regarding Assist Mi Legal's security practices. Assist Mi Legal may satisfy such requests through: Security documentation Compliance reports Questionnaires Certifications Customer audits shall be reasonable in scope and frequency. ## 13. Data Retention Customer controls retention of Customer data subject to platform functionality and legal obligations. Assist Mi Legal may retain information: As required by law For security purposes For backup purposes For dispute resolution ## 14. Return and Deletion Upon termination of Services and subject to applicable legal requirements: Customer may request export of Customer data. Assist Mi Legal will delete or render inaccessible Customer data within a commercially reasonable period. Certain information may be retained as required by law or operational necessity. ## 15. Liability Liability arising under this DPA shall be governed by the liability provisions contained within the governing agreement. ## 16. Order of Precedence In the event of conflict: 1. Enterprise Agreement or MSA 2. This DPA 3. Terms of Service ## 17. Acceptance Execution of the governing agreement or continued use of Enterprise Services constitutes acceptance of this DPA.

# Assist Mi Legal Security Addendum Version 1.0 Effective Date: ___________ This Security Addendum describes the administrative, technical, and organizational safeguards used by Assist Mi Legal to support the security, confidentiality, integrity, and availability of customer information. This Security Addendum supplements the Terms of Service, Data Processing Addendum, and other applicable agreements. ## 1. Purpose Assist Mi Legal is committed to maintaining a security program designed to protect customer information from unauthorized access, disclosure, alteration, destruction, or misuse. Security controls may evolve over time as threats, technologies, and business requirements change. ## 2. Shared Responsibility Model Security is a shared responsibility between Assist Mi Legal and Customer. Assist Mi Legal Responsibilities Assist Mi Legal is responsible for: Platform security Infrastructure management Application security controls Tenant isolation Authentication controls Monitoring and logging Vendor management Incident response Customer Responsibilities Customer is responsible for: User management Permission management Device security Password management User training Data governance Workflow configuration Review processes ## 3. Hosting Environment Assist Mi Legal utilizes cloud infrastructure providers to operate the Services. Infrastructure may include: Cloud-hosted compute resources Managed databases Managed storage services Networking services Monitoring services Infrastructure providers are selected based on security, reliability, and operational requirements. ## 4. Data Segregation The platform is designed to logically segregate customer information between tenants. Controls are intended to prevent unauthorized access between: Organizations Workspaces Matters Users Tenant isolation controls are regularly reviewed as part of platform development and testing. ## 5. Authentication Access to the platform may be protected through: Username and password authentication Single Sign-On (SSO) Multi-Factor Authentication (MFA) Identity provider integrations Assist Mi Legal strongly recommends MFA for all users. Enterprise customers may require MFA enforcement. ## 6. Authorization and Access Control The platform utilizes role-based access controls designed to restrict access based on business need. Examples include: Administrator roles Attorney roles Staff roles Read-only roles Matter-specific permissions Access should be granted according to the principle of least privilege. ## 7. Matter-Level Security Assist Mi Legal supports controls intended to limit access to information based on matter assignment and authorization. Organizations are responsible for configuring permissions appropriate to their operational requirements. ## 8. Encryption Information may be protected using industry-standard encryption technologies. Data in Transit Communications between users and the platform are protected using encrypted transport protocols. Data at Rest Stored information may be protected through encryption technologies provided by infrastructure providers and platform services. ## 9. Audit Logging Assist Mi Legal maintains audit records relating to platform activity. Examples may include: Authentication events User actions Administrative actions Workflow execution Integration activity Assistant activity Audit records support: Security monitoring Compliance investigations Troubleshooting Operational review ## 10. Monitoring and Detection Assist Mi Legal maintains monitoring capabilities designed to identify: Service disruptions Operational issues Security anomalies Unauthorized access attempts Infrastructure concerns Monitoring technologies may evolve over time. ## 11. Vulnerability Management Assist Mi Legal employs practices intended to identify and address security weaknesses. Examples may include: Security reviews Dependency monitoring Patch management Vulnerability remediation Code review processes Remediation priorities may vary based on risk and operational considerations. ## 12. Application Security Security considerations are incorporated throughout the software development lifecycle. Practices may include: Code review Automated testing Dependency analysis Security-focused development practices Release validation procedures ## 13. Backups and Recovery Assist Mi Legal maintains backup and recovery procedures designed to support service restoration. Backup frequency, retention, and recovery procedures may vary based on operational requirements. No backup system guarantees prevention of all data loss scenarios. ## 14. Business Continuity Assist Mi Legal maintains operational procedures intended to support service continuity during adverse events. Business continuity plans may be updated periodically. ## 15. Incident Response Assist Mi Legal maintains procedures for responding to security incidents. Response activities may include: Investigation Containment Remediation Recovery Customer notification when appropriate ## 16. Security Incident Notification When Assist Mi Legal becomes aware of a confirmed security incident affecting customer information, notification will be provided without unreasonable delay and in accordance with applicable agreements and legal obligations. Notifications may include: Description of the incident Known impact Mitigation efforts Recommended actions ## 17. Personnel Security Personnel with access to customer information are granted access based on business need. Assist Mi Legal may utilize: Confidentiality obligations Security awareness training Access management procedures to support security objectives. ## 18. Vendor Management Assist Mi Legal may utilize third-party providers supporting: Hosting Authentication Email delivery Monitoring Artificial intelligence functionality Infrastructure operations Providers are selected and managed according to operational and security considerations. ## 19. AI Provider Governance Assist Mi Legal may utilize third-party AI providers to deliver AIpowered functionality. Assist Mi Legal seeks to: Limit data sharing to what is necessary Evaluate provider capabilities Monitor provider changes Review provider security practices AI-generated output remains subject to human review requirements. ## 20. Connected Applications The platform may integrate with external services. Customers remain responsible for: Reviewing permissions Managing connected accounts Configuring access appropriately Security of third-party platforms remains the responsibility of those providers. ## 21. Security Requests Enterprise customers may request reasonable security information. Assist Mi Legal may satisfy such requests through: Security documentation Questionnaires Compliance materials Architecture reviews Vendor assessments ## 22. Security Program Evolution Security controls may be modified as technology, threats, regulations, and platform capabilities evolve. Assist Mi Legal reserves the right to improve or replace controls while maintaining appropriate security objectives. ## 23. Contact Information Security inquiries may be directed to: security@assistmi.com or other designated security contact channels. ## 24. Acknowledgment This Security Addendum describes Assist Mi Legal's security practices and forms part of the applicable customer agreement where incorporated by reference.