LETTRIA PERSEUS

TERMS AND CONDITIONS OF USE

Operated by TURFU (SAS)

Paris Trade and Companies Register no. 835 074 857

21, rue de Berri, 75008 Paris, France

hello@lettria.com

Version: 2026-05-26

Effective date: May 25, 2026

Preamble — Strictly Professional Use. The Perseus Platform is a tool intended exclusively for professional use. By creating an Account and accepting these Terms and Conditions of Use, the Customer represents and warrants that it accesses the Platform in the context of a commercial, industrial, craft, professional, agricultural, scientific, research, educational or any other professional activity, including on an individual basis (notably as a freelancer, sole proprietor, self-employed individual, independent developer, consultant or researcher). The Services are not intended for consumers within the meaning of the preliminary article of the French Consumer Code, and any use of the Services for personal, domestic or non-professional purposes is excluded.

Article 1. Purpose

TURFU SAS (hereinafter “Lettria”), publisher of the Perseus solution, offers its professional users (the “Customers”), through its web console accessible at https://app.perseus.lettria.net (the “Site”) and an API (together the “Platform”), a natural language processing and artificial intelligence service that transforms unstructured data (text documents) into structured data in the form of graphs (the “Service”).

Article 2. Services Offered

The main features of the Service include:

• uploading text files via the web console or the API;

• running processing operations (“jobs”) on these files;

• generating structured data graphs from the submitted documents (the “Deliverables”), based on an ontology defined by the Customer or generated automatically by a large language model (LLM) when no ontology is provided;

• managing workspaces, members and API keys from the web console;

• monitoring API requests from the web console.

The functional and technical features of the Service are described on the Site and within the Service documentation, accessible at https://docs.perseus.lettria.net (the “Documentation”).

The Documentation has an informational and descriptive value only. It cannot alter the contractual commitments entered into by the Parties under these Terms and the DPA. The applicable version of the Documentation is the one in force on the date of the relevant fact; earlier versions are archived and made available upon request at hello@lettria.com.

Article 3. Contract Documents

The contractual relationship between the Customer and Lettria is governed, in decreasing order of priority, by the following documents:

• these Terms and Conditions of Use (the “Terms” or “T&C”);

• the Data Processing Agreement (the “DPA”) attached as Annex 1 to these Terms;

• the Privacy Policy accessible on the Site;

• the Documentation, for information purposes only.

The Customer acknowledges having had access to these Terms prior to accepting them and having had the time and information necessary to review them.

The contract documents express the entire agreement of the Parties as of the date of their acceptance. They supersede and replace any prior agreement, letter, offer or other written or oral document having the same subject matter.

In the event of any conflict between these Terms and the DPA, the DPA shall prevail with respect to the matters it governs (protection of personal data).

Article 4. Conditions of Access to the Services

4.1 Strictly Professional Use

The Services are intended exclusively for professional use. By creating an Account and accepting these Terms, the Customer represents and warrants that it accesses and uses the Services in the context of a commercial, industrial, craft, professional, agricultural, scientific, research, educational or any other professional activity, including on an individual basis (notably as a freelancer, sole proprietor, self-employed individual, independent developer, consultant or researcher).

The Services are not intended for consumers within the meaning of the preliminary article of the French Consumer Code. Any use of the Services for personal, domestic or non-professional purposes is strictly excluded.

Any false declaration regarding the professional nature of the use shall engage the Customer’s liability and shall entitle Lettria to suspend or terminate the relevant Account as of right.

4.2 Legal Capacity

The Services are accessible to:

• any natural person at least 18 years of age and with full legal capacity, acting in the context of a professional activity. When creating an Account, the Customer represents on its honor that it has reached the required age;

• any legal entity acting through a natural person with the authority or power required to enter into a contract in its name and on its behalf.

Article 5. Subscription Process

To access the Services, the Customer creates an online account on the Platform by providing its email address and setting a password (the “Account”).

When creating the Account, the Customer expressly confirms, by ticking a separate checkbox, that it is accessing the Services in the context of a professional activity within the meaning of Article 4.1 and that it accepts these Terms, the DPA and the Privacy Policy.

Creating the Account and accessing the Services are subject to the express and prior acceptance of these Terms. The Customer may not access the Services, nor generate an API key, without completing this step.

The Customer undertakes to provide accurate, complete and up-to-date information when creating its Account. The Customer is solely responsible for the information provided and for any consequences resulting from any inaccuracy.

Article 6. Provision of an API Key

After creating its Account and accepting these Terms, the Customer may generate one or more API keys from the web console enabling it to access the Services (the “API Keys”).

The Customer acknowledges that the API Keys are strictly personal and confidential.

In the event of compromise or loss of an API Key, the Customer shall revoke it without delay from the web console and generate a new one. Lettria shall not be liable for any unauthorized use resulting from the Customer’s failure to take such precautions.

Article 7. Workspaces, Members and Administrator

The Services are organized around workspaces (the “Workspaces”). A Workspace is created by the Customer upon registration or thereafter from the console. Billing for the Services is attached to the Workspace.

It is the Customer’s responsibility, in its capacity as administrator of its Workspace (the “Administrator”), to select the users having access to the Services (the “Members”), within the limits of the rights granted to them.

Inviting new Members to a Workspace is reserved to the Administrator from the web console. Any Member may leave a Workspace at any time from its Account. Billing for the Workspace remains the responsibility of the Administrator, irrespective of the number of Members.

Transfer of Administrator status. The Administrator may, at any time from the console, designate another Member of the Workspace as Administrator. In the event of lasting unavailability of the Administrator (notably departure from the organization, account inactivity of more than 90 days or persistent failure of the payment method), a Member of the Workspace may send Lettria a reasoned request for an Administrator transfer, supported by all relevant evidence (proof of relationship with the entity owning the Workspace, evidence of the outgoing Administrator’s departure). Lettria may then, after notifying the outgoing Administrator at the email address associated with the Account and observing a reasonable 15-day period without reasoned objection, proceed with the transfer. Lettria assumes no liability for the internal consequences of such transfer within the Customer’s organization.

The Customer is solely responsible for ensuring that the Members keep their login credentials and/or passwords (the “Member Account(s)”) confidential. It undertakes to ensure that the Members do not allow any third party to use them in their place or on their behalf, otherwise bearing full responsibility. Any use of the Services with these credentials shall be deemed to have been carried out by the corresponding Members.

The Customer undertakes to contact Lettria without delay, by email at hello@lettria.com, if it appears that a Member Account has been used without the knowledge of its holder.

Article 8. Access to the Services

The Customer may access the Services:

• via the web console accessible at https://app.perseus.lettria.net; or

• through an API that Lettria makes available and that the Customer may integrate into its information system using the API Key generated from the console and the software development kit (SDK) made available on the Platform. The access link to the API and the related integration Documentation are accessible on the Platform.

Article 9. Configuration

The Services are made available to the Customer on a self-service basis. The configuration of the Services, in particular the definition of ontologies (schemas of concepts and relationships to be extracted from the documents), is carried out directly by the Customer from the web console or the API, without any intervention from Lettria.

Where the Customer does not provide an ontology, the Service automatically generates an ontology using a large language model (LLM). The Customer acknowledges and accepts that the generated results depend on the quality of the data submitted and on the configuration defined by the Customer, for which it is solely responsible. Lettria does not warrant the fitness of the Deliverables for the Customer’s specific needs.

Article 10. Term and Termination

These Terms are entered into for an indefinite term, as from the date of their acceptance by the Customer.

The Customer may terminate its access to the Services at any time, without notice and without charge, from the web console or by email sent to hello@lettria.com. Termination takes effect at the end of the current calendar month, the Customer remaining liable for the amounts due for the current billing period.

Lettria reserves the right to suspend or terminate access to the Services in the event of non-payment or breach by the Customer of its essential obligations, under the conditions set out in Article 22 (“Termination for Breach”).

Article 11. Intellectual Property Rights

11.1 Intellectual Property Rights on the Platform

The Platform is the property of Lettria, as are the Site, the software, infrastructure, databases and content of any kind (texts, images, visuals, music, logos, trademarks, etc.) that it operates. They are protected by all intellectual property rights or database producers’ rights in force. The license granted by Lettria to the Customer does not result in any transfer of ownership.

Lettria grants the Customer, worldwide and for the term provided in Article 10, a non-exclusive, personal and non-transferable license to use the Platform, in its existing version as of the date hereof and in any future versions, as well as its Documentation, on a SaaS basis, for the sole purpose of providing the Services.

Consequently, any disassembly, decompilation, decryption, extraction, reuse, copying, and more generally any acts of reproduction, representation, distribution or use of any of the elements making up the Platform, in whole or in part, without Lettria’s authorization, are strictly prohibited and may give rise to legal proceedings.

The Customer expressly undertakes not to seek, in particular by reverse engineering, disassembly or any other analysis, to ascertain the methodology, composition, techniques, processes or any other information relating to the Platform and more particularly to the underlying models and algorithms.

11.2 Rights to Submitted Documents and Deliverables

Ownership of and license to the Documents. The Customer retains all intellectual and industrial property rights in the documents, datasets, content and information it uploads or submits on the Platform (the “Documents”). The Customer grants Lettria, solely for the time necessary to process the Documents and make the Deliverables available, a non-exclusive, non-transferable, worldwide and royalty-free license to use, reproduce and adapt the Documents, for the sole purpose of providing the Services. This license terminates automatically upon deletion of the Documents in accordance with Article 11.4.

License to the Deliverables. Lettria grants the Customer, as from their generation and for the entire legal term of protection of the related rights, an exclusive, perpetual, irrevocable, worldwide, transferable, sub-licensable and royalty-free license, covering all economic rights that may exist on the Deliverables. This license covers all rights of reproduction, representation, distribution, adaptation, translation, modification, derivative exploitation and any other form of exploitation, for any commercial or non-commercial use, on any medium and by any means, known or future, within the limits permitted by Article L. 131-6 of the French Intellectual Property Code.

This license is granted on an exclusive basis: Lettria undertakes not to directly exploit the Deliverables of a given Customer, nor to grant any rights in such Deliverables to any third party, without the prior written consent of the Customer. However, it is specified that the fact that two distinct Customers submitting similar Documents would obtain Deliverables containing identical or similar elements (notably with respect to generic ontological structures) does not constitute a breach of this clause, provided that Lettria does not use the Deliverables of one Customer to provide the Services to another Customer.

The Customer can export the Deliverables from the Platform at any time during the term of the Services, under the conditions set out in Article 21.

11.3 No-Training Commitment for AI Models

Lettria undertakes that the Documents submitted by the Customer and their content shall under no circumstances be used, by Lettria itself or by its Subprocessors, for the training, retraining, fine-tuning, evaluation, benchmarking or any other form of improvement of artificial intelligence models, whether those of Lettria or those of third parties.

Lettria has selected its language model providers and configured their interfaces so as to contractually and technically exclude any use of the Documents and prompts submitted for the training of their own models. This commitment is documented with the relevant subprocessors and constitutes an essential obligation of Lettria within the meaning of Article 22.

Aggregated and anonymized statistics. Lettria may use, solely for the purposes of improving and maintaining the Platform, aggregated and anonymized statistics derived from the use of the Service (notably volumes, processing times, error rates, statistical distribution of the types of entities extracted). These statistics are produced using anonymization techniques compliant with Recital 26 of the GDPR, so that no re-identification of a person, Document or Customer is possible. Once anonymized within the meaning of the GDPR, these statistics do not constitute personal data nor Documents within the meaning of these Terms.

11.4 Retention Period and Deletion of Documents and Deliverables

Unless otherwise instructed by the Customer through the console, the submitted Documents and the generated Deliverables are stored on the Platform for a period of ninety (90) days from the generation of the associated Deliverables, and are then automatically and permanently deleted. The Customer may, at any time from the console or the API, manually delete a Document or a Deliverable, or configure a shorter retention period.

This retention period may be modified by special arrangement between Lettria and the Customer, in particular for long-term processing needs or specific use cases.

Article 12. Additional Services

12.1 Technical Support

Apart from anomalies, and for any question relating to the use of the Platform, Lettria provides the Customer with technical support accessible exclusively by email at hello@lettria.com. Lettria will use reasonable efforts to respond to support requests as soon as possible.

12.2 Hosting of the Platform

Lettria undertakes, on a best-efforts basis, to host the Platform as well as the data produced, entered and exchanged between the Customer and the various Members, in accordance with industry practice and the state of the art, through professional infrastructure providers, the list of which is set out in the Privacy Policy and in Annex 1 (DPA).

Lettria undertakes to implement all technical means, consistent with the state of the art, necessary to ensure the security of access to the Platform, covering the protection and supervision of the infrastructure, the control of physical and/or logical access to such infrastructure, as well as the implementation of detection, prevention and recovery measures to protect the servers against malicious acts.

Lettria also undertakes to take all useful precautions, having regard to the nature of the data and the risks presented by the automated processing carried out for the Customer’s needs, to preserve the security of the data, and in particular to prevent it from being distorted, damaged or accessed by unauthorized third parties.

12.3 Service Level

Lettria undertakes to ensure the permanence, continuity and quality of access to the Platform. To this end, it uses its best efforts to maintain access to its tools 24/7, except in cases of force majeure or scheduled maintenance.

Given the complexity of the Internet, the unequal capacities of the various subnetworks, the influx of users of the Platform at certain hours, and the various bottlenecks over which Lettria has no control, Lettria’s liability shall be limited to the operation of its servers, the external boundaries of which are constituted by the connection points.

Lettria shall not be liable for (i) access speeds to its servers, (ii) slowdowns external to its servers, (iii) poor transmissions due to a failure or malfunction of these networks, (iv) service interruptions related to third-party providers (cloud infrastructure, LLM model providers).

Where necessary, Lettria reserves the option to limit or suspend access to the Platform in order to carry out any maintenance operation. Lettria will use reasonable efforts to inform Customers in advance of any scheduled maintenance operation, without this constituting a firm contractual commitment.

12.4 “Early Access” Status

As of the effective date of these Terms, the Service is offered in an “Early Access” version, i.e., an early-access phase.

The Customer is expressly informed that:

• the Service may exhibit instabilities, malfunctions or unforeseen interruptions;

• the features of the Service may evolve, be modified, added or removed without notice;

• no warranty as to availability or service-level performance is given by Lettria under this phase, without prejudice to the obligations relating to portability and switching providers set out in Article 21 and the DPA;

• the prices applicable upon completion of the Early Access phase may differ from the financial terms applicable during such phase.

Lettria will inform the Customer, by email at the address associated with the Account and at least thirty (30) days before its entry into force, of the end of the Early Access phase and the new applicable terms. The Customer may, if applicable, terminate its access to the Services under the conditions set out in Article 10.

Article 13. Financial Terms

13.1 Price of the Services

The Services are billed on a consumption (pay-as-you-go) model based on the volume of tokens processed (input and output tokens) and, where applicable, on other technical units of work described on the pricing page.

The applicable rate is the one indicated on the pricing page accessible at https://perseus.lettria.com/pricing (the “Pricing Page”). The Customer acknowledges having reviewed the Pricing Page prior to creating its Account and before each job launch. The console displays in real time the Customer’s consumption and the associated estimated cost.

Lettria reserves the right to modify its prices at any time. Any price change will be communicated to the Customer by email at the address associated with the Account at least thirty (30) calendar days before its entry into force. Use of the Service after the entry into force of the new prices constitutes the Customer’s acceptance thereof. If the Customer does not accept the new prices, it may terminate its access to the Services free of charge within this thirty (30)-day period, under the conditions set out in Article 10.

During the Early Access phase referred to in Article 12.4, the Service may be offered without billing or under preferential pricing conditions, communicated to the Customer on the Platform.

Unless otherwise stated, the price is expressed in Euros and exclusive of taxes.

Lettria reserves the right, at its sole discretion and on terms it determines, to offer promotional offers or price reductions.

13.2 Billing, Payment Methods and Pre-authorization

Pre-authorization and spending cap. Prior to any billable use of the Services, the Customer registers a valid payment method (credit card or SEPA direct debit, depending on the options offered) with Lettria’s payment services provider. Lettria may pre-authorize this payment method and require immediate payment beyond a specified consumption threshold.

The Customer may set, from the web console, a monthly spending cap and consumption alerts. Lettria may automatically suspend the provision of the Services in the event of overrun of the configured cap or persistent failure of the registered payment method, without incurring liability as a result.

Billing. Billing is carried out as described on the Pricing Page: (i) by immediate debit on the registered payment method, upon reaching a specified consumption threshold; and/or (ii) monthly, in arrears, on the basis of the Customer’s consumption during the past calendar month. The Customer receives its invoices by email at the address associated with the Account and may view them at any time from the console.

The Customer’s banking data is not stored by Lettria but directly by its payment services provider (PSP), identified as a Subprocessor in Article 3 of the DPA and in the Privacy Policy. Lettria only retains, for identification purposes, the last four digits of the credit card and the card type.

13.3 Late or Failed Payment

Any late payment of all or part of a sum due to Lettria on its due date shall automatically result, on the day following the payment date shown on the invoice:

• in the acceleration of all sums due by the Customer and their immediate enforceability, regardless of the payment terms initially agreed;

• in the immediate suspension of access to the Services until full payment of all sums due;

• in the application of late payment interest, due by the sole fact of the contractual due date being reached, at a rate equal to three (3) times the legal interest rate, based on the amount of the unpaid debt, as well as a flat-rate recovery fee of forty (40) Euros, without prejudice to additional compensation if the actual recovery costs exceed this amount (Articles L. 441-10 and D. 441-5 of the French Commercial Code).

Article 14. Customer Obligations and Warranties

Without prejudice to the other obligations set out in these Terms, the Customer undertakes to comply with the following obligations:

1. The Customer undertakes to provide Lettria with all documents, elements, data and information necessary for Lettria to perform its obligations under the Contract.

2. More generally, the Customer undertakes to actively cooperate with Lettria for the proper performance of the Contract and to inform it of any difficulties relating to such performance.

3. The Customer represents that it has received from Lettria, prior to accepting these Terms, all advice, instructions and clarifications necessary to enter into the Contract with full knowledge of the relevant facts; that it accordingly has a sufficient understanding of the features and functionalities of the Platform; and that it has, prior to these Terms, sufficiently engaged with Lettria to ensure that the Platform corresponds to its expectations, needs and constraints.

4. The Customer is informed and accepts that access to the Platform and the implementation of the Services require it to meet the technical prerequisites listed on the Platform, in particular that it be connected to the Internet, and that the quality of the Services depends directly on compliance with these technical prerequisites and on this connection, for which the Customer is solely responsible.

5. The Customer is responsible for its use of the Services and for any information it shares in this context. It is also responsible for the use of the Services and for all information shared by the Members. It undertakes to ensure that the Services are used exclusively by itself and/or the Members, who are subject to the same obligations as the Customer in their use of the Services.

6. The Customer undertakes not to divert the Services for purposes other than those for which they are designed, including for:

   • carrying out any illegal or fraudulent activity,

   • infringing public order or accepted standards of behavior,

   • infringing third parties or their rights in any manner whatsoever,

   • breaching any contractual, legislative or regulatory provision,

   • carrying out any activity likely to interfere with a third party’s information system, in particular for the purpose of breaching its integrity or security,

   • carrying out maneuvers aimed at promoting its own services and/or sites or those of a third party,

   • assisting or encouraging a third party to commit one or more of the acts or activities listed above.

7. The Customer also undertakes not to:

   • copy, reverse-engineer, modify or divert any element belonging to Lettria or any concept it operates in connection with the Services,

   • adopt any behavior likely to interfere with or divert Lettria’s information systems or to undermine its IT security measures,

   • infringe Lettria’s rights and financial, commercial or moral interests,

   • market, transfer or grant access in any manner whatsoever to the Services, the information hosted on the Platform or any element belonging to Lettria.

8. The Customer undertakes not to monetize, assign, grant or transfer all or part of its rights or obligations under these Terms to any third party in any manner whatsoever, without the prior written consent of Lettria.

9. The Customer is solely responsible for the data and content of any nature (editorial, graphic, audio, audiovisual or other) published and/or exchanged by the Members in connection with their use of the Services (the “Content”). It warrants to Lettria that it has all the rights and authorizations necessary to submit and process such Content.

10. It undertakes that such Content shall be lawful, shall not infringe public order, accepted standards of behavior or the rights of third parties, shall not breach any legislative or regulatory provision, and more generally shall not be likely to expose Lettria to any civil or criminal liability.

11. The Customer therefore undertakes not to submit, including but not limited to:

    • Content that is pornographic, obscene, indecent, offensive, defamatory, abusive, violent, racist, xenophobic or revisionist,

    • infringing Content,

    • Content harmful to the image of a third party,

    • misleading, deceptive Content or Content offering or promoting unlawful, fraudulent or deceptive activities,

    • Content harmful to the information systems of third parties (such as viruses, worms, Trojan horses, etc.),

    • and more generally any Content likely to infringe the rights of third parties or to be prejudicial to third parties, in any manner and in any form whatsoever.

12. The Customer holds Lettria harmless against any complaints, claims, actions and/or demands whatsoever that it may face as a result of the breach by the Customer of any of its obligations under the Contract. The Customer undertakes to pay Lettria all costs, charges and/or judgments it may have to bear as a result.

13. The Customer acknowledges that the Services enable the processing of potentially confidential text documents. It undertakes to submit for processing only data for which it has the necessary rights and required authorizations, in particular with respect to the right to the protection of personal data, business secrets, professional secrecy and intellectual property rights.

14. The Customer undertakes to integrate Lettria’s API and SDK into its information systems in accordance with the technical Documentation provided on the Platform and not to use these tools in a manner likely to compromise the security or integrity of the Platform.

Article 15. Lettria’s Obligations and Liability

Without prejudice to the other obligations set out in the Contract, Lettria undertakes to comply with the following obligations:

15. Lettria undertakes to perform its obligations under the Contract diligently and in accordance with industry best practices, it being specified that Lettria is bound by a best-efforts obligation, to the exclusion of any obligation of result, which the Customer expressly acknowledges and accepts.

16. Lettria undertakes to use its best efforts to ensure the security of the Platform and to maintain the confidentiality of the data entered on the Customer’s Account.

17. Lettria certifies that it holds a professional civil liability insurance policy. It undertakes to maintain this insurance policy in force for the duration of the Contract.

18. Lettria undertakes to regularly carry out controls to verify the operation and accessibility of the Platform. To this end, it reserves the option to temporarily interrupt access to the Platform for reasons of scheduled maintenance.

19. Lettria shall not be liable for difficulties or temporary impossibilities of access to the Platform arising from circumstances beyond its control, force majeure or disruptions of telecommunications networks.

20. Lettria undertakes to actively cooperate with the Customer for the proper performance of the Contract and to inform it of any difficulties relating to such performance.

21. The services defined in these Terms are provided by Lettria as-is and without any warranty of any kind, whether express or implied. In particular, Lettria does not warrant to the Customer:

    • that the Platform and Services, which are subject to constant research aimed at improving their performance, will be entirely free from errors, defects or flaws;

    • that the Platform and Services, being standard and in no way offered solely for the Customer based on its own personal constraints, will specifically meet its needs and expectations.

The Customer is further informed that the Platform operates using technology based on artificial intelligence which, despite being the subject of constant research aimed at improving its performance, may exhibit defects, biases or inaccuracies (in particular, hallucinations). It is the Customer’s responsibility to verify and validate the Deliverables before any operational use.

22. The Customer acknowledges that the Deliverables depend in particular on the quality of the data transmitted to the Platform, under its sole responsibility. Lettria shall not be liable if the generated Deliverables are not satisfactory, in particular due to the poor quality of such data.

Article 16. Limitation of Liability

Lettria’s liability under these Terms may only relate to direct and foreseeable damages suffered by the Customer, to the exclusion of any indirect damages.

In any event, Lettria’s total liability for all breaches, faults or harmful events occurring during the same contract year is expressly limited to the higher of the following two amounts: (i) the sum of the amounts effectively paid by the Customer to Lettria during the twelve (12) months preceding the event giving rise to liability, and (ii) a floor of one thousand (1,000) Euros, without being able to exceed a cap of fifty thousand (50,000) Euros.

Indirect damages are expressly excluded from Lettria’s liability, including, without limitation, loss of revenue, loss of data, loss of opportunity, damage to image, loss of profits or additional costs.

The limitations and exclusions set out in this article do not apply in the event of:

• gross negligence or willful misconduct of Lettria;

• bodily injury;

• breach by Lettria of its confidentiality obligations set out in Article 18;

• breach by Lettria of the personal data protection obligations set out in the DPA, in accordance with its Article 1.2.10;

• infringement by Lettria of the Customer’s intellectual property rights;

• breach by Lettria of the commitment not to use the Documents to train AI models set out in Article 11.3.

Article 17. Personal Data

17.1 General Provisions

Lettria and the Customer each undertake, for what concerns them, to comply with the regulations applicable to personal data, in particular the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) and the French Act on Information Technology, Data Files and Civil Liberties of 6 January 1978 in its latest version in force (hereinafter together the “Applicable Regulations”).

17.2 Account Data and Billing Data

In the context of the creation and management of the Accounts, Lettria collects and processes the Customer’s personal data (email, account identifier, workspace data, billing data) in its capacity as data controller within the meaning of the Applicable Regulations. These processing operations are described in Lettria’s Privacy Policy, accessible on the Platform.

17.3 Processing of Data Submitted via the Platform

Where the Customer submits, via the Platform, Documents containing personal data, Lettria processes such data in its capacity as a processor within the meaning of Article 28 of the GDPR, the Customer acting as data controller. The terms of such processing are defined in the DPA attached as Annex 1, which forms an integral part of these Terms.

Article 18. Confidentiality

Each of the Parties undertakes to keep strictly confidential all documents and information of a legal, commercial, industrial, strategic, technical or financial nature relating to or held by the other Party, of which it would have become aware on the occasion of the conclusion and performance of the Contract, and not to disclose them without the prior written consent of the other Party. It is expressly provided that the Documents constitute confidential information within the meaning of this clause.

This obligation does not extend to documents and information:

• that were already known to the receiving Party;

• that were already public when communicated or that subsequently became so without breach of the Contract;

• that have been lawfully received from a third party;

• the disclosure of which is required by the judicial authorities, in accordance with laws and regulations or to establish a Party’s rights under this Contract.

This confidentiality obligation extends to all employees, collaborators, trainees, directors and agents of the Parties, as well as to their advisers, affiliates and contractors, to whom confidential documents or information may be transmitted only if they are bound by the same confidentiality obligation as that set out in these Terms.

The confidentiality obligation will remain in effect for five (5) years following the end of the relationship between the Parties.

Article 19. Subcontracting

The Customer is informed and accepts that Lettria may use service providers, suppliers and subcontractors for the provision of the Services. The list of the main Subprocessors is set out in the Privacy Policy and in Article 3 of the DPA.

Lettria may communicate to the relevant subcontractors all documents, elements, data and information necessary for this purpose, subject to first having them sign a confidentiality undertaking on the same terms as those set out in these Terms. Lettria undertakes to have its subcontractors comply with the same contractual obligations as those to which it is subject under the Contract.

The specific terms applicable to the processing of personal data by subprocessors (general authorization, right to reasoned objection, guarantees) are set out in Article 1.2.2 of the DPA.

Article 20. Commercial References

Lettria may use the Customer’s name, brand and logo, as a commercial reference, on any medium and in any form whatsoever, for the duration of the Contract and for a period of three (3) years from its end. The Customer may object to such use at any time, without giving reasons, by simply sending an email to hello@lettria.com; Lettria undertakes to cease such use within a reasonable period of time following receipt of such objection.

The Customer may also, subject to Lettria’s prior written consent, use Lettria’s name, brand and logo as a commercial reference, for the duration of the Contract and for a period of three (3) years from its end.

Article 21. End of Access to the Services and Portability (Data Act)

From the end of the Services, whatever the cause, the Customer no longer has access to its Account or to the features of the Platform, subject to the provisions below.

21.1 Transition Period

In accordance with Article 25 of Regulation (EU) 2023/2854 (the “Data Act”), from the date of termination or the request to switch provider, Lettria maintains the Service accessible to the Customer for a minimum transition period of thirty (30) days (the “Transition Period”), to allow the Customer to export its data.

During the Transition Period:

• the Customer retains access to the web console to view and export its Documents and Deliverables;

• Lettria makes available to the Customer, upon request sent to hello@lettria.com, a complete export of the Documents and Deliverables in an interoperable, structured and machine-readable format (JSON format by default, or any other open format compatible with industry standards), in accordance with Articles 25(2)(a) and 30 of the Data Act.

At the end of the Transition Period, the Customer no longer has access to its data. Lettria permanently deletes the Customer’s Documents and Deliverables under the conditions set out in Article 17 and the DPA, and confirms this deletion in writing upon the Customer’s request.

The Customer undertakes to carry out the export of its data before the expiration of the Transition Period. Lettria shall not be liable for the loss of data not exported by the Customer at the end of such period.

21.2 Right to Switch Provider

In accordance with Article 23 of the Data Act, Lettria undertakes not to impose any contractual, technical, commercial or organizational obstacles that would prevent or make excessively difficult the Customer’s switching to another provider, including migration to its own infrastructure (on-premises) or to another data processing services provider.

The termination notice may not exceed two (2) months from the notification sent by the Customer, in accordance with Article 25(2)(d) of the Data Act.

21.3 Switching Fees

The provision of the Customer’s data in a standard export format during the Transition Period is free of charge.

Any assistance services for the recovery or migration of data (in particular personalized technical assistance, transformation into a non-standard format, or migration to a third-party infrastructure) beyond the simple provision of the data shall be the subject of a separate quotation drawn up by Lettria, in compliance with the provisions of Article 29 of the Data Act on the progressive removal of switching charges. From 12 January 2027, no charge shall be invoiced to the Customer for the export of its data, in accordance with the schedule provided for by the Data Act.

21.4 Active Portability

Lettria makes available on the Platform a Documentation describing the procedures, formats and technical constraints applicable to the export of the data, in accordance with Article 26 of the Data Act. Such Documentation is accessible before the conclusion of the Contract and throughout its duration.

Article 22. Termination for Breach

The following constitute essential obligations of the Customer (the “Essential Obligations”):

• the payment of the price;

• compliance with the clauses on “Intellectual Property Rights on the Platform” (Article 11.1);

• the provision of accurate and complete information to Lettria, in particular as regards the professional nature of the use (Article 4.1);

• compliance with the usual rules of politeness and courtesy in exchanges with Lettria;

• not using the Services on behalf of a third party;

• not engaging in illegal or fraudulent activities or activities undermining the rights or security of third parties, as well as not breaching the laws and regulations in force.

In the event of breach of any of these Essential Obligations, Lettria may, at its sole discretion:

• suspend or remove the Customer’s access to the Services;

• terminate the Contract as of right without notice or formal demand, without payment of any compensation;

• suspend the Customer’s access to any Deliverable directly related to the breach, it being specified that the intellectual property licensed to the Customer over the Deliverables in accordance with Article 11.2 is not affected, and that the suspension covers only access via the Platform;

• publish on the Platform any information message it deems useful;

• notify any competent authority, cooperate with it and provide it with all useful information for the investigation and prosecution of illegal or unlawful activities;

• initiate any legal action.

These sanctions are without prejudice to any damages that Lettria may claim from the Customer.

In the event of a breach of any obligation other than an Essential Obligation, Lettria will require the Customer, by any useful written means, to remedy the breach within a maximum period of fifteen (15) calendar days. The Services will end at the expiration of this period failing remediation of the breach.

The end of the Services entails the deletion of the Customer’s Account, subject to the Transition Period set out in Article 21.1.

Article 23. Amendment of these Terms

Lettria may amend these Terms at any time and will notify the Customer by email at the address associated with its Account at least thirty (30) calendar days before they take effect.

Upon its first connection following the entry into force of the update, the Customer will be invited to accept the new version of the Terms in order to continue accessing the Services.

If the Customer does not accept these amendments, it may terminate its access to the Services free of charge within thirty (30) days from the notification of the amendments, under the conditions set out in Article 10.

Article 24. Force Majeure

Neither Party shall be held liable for difficulties or temporary impossibilities in performing these Terms arising from force majeure, as defined by Article 1218 of the French Civil Code and as interpreted by French courts.

In the event of a force majeure event preventing a Party from performing its obligations and lasting more than one (1) month, this Contract may be terminated by either Party by registered letter with acknowledgment of receipt or by any other written communication producing the same effects, without either Party having to pay any compensation to the other.

Article 25. Miscellaneous

If any provision of the Contract were to be held null and void under a legal or regulatory provision or a final court decision, only that provision shall be deemed unwritten and shall not entail the nullity of the other provisions, which shall continue to have full effect.

The fact that one Party does not avail itself of a breach by the other Party of any of its obligations shall not be construed as a waiver of the right to subsequently invoke such breach.

These Terms may, upon the Customer’s request, be sent in PDF format by email.

Article 26. Governing Law and Jurisdiction

These Terms are governed by French law.

In the event of a dispute between the Customer and Lettria, the Parties shall endeavor to seek an amicable solution before any litigation. Failing an amicable settlement within two (2) months following the first written notification, the dispute shall be submitted to the exclusive jurisdiction of the courts within the jurisdiction of the Paris Court of Appeal (France).

ANNEX 1 — DATA PROCESSING AGREEMENT (DPA)

Preamble

This Annex constitutes the Data Processing Agreement (hereinafter the “DPA”) entered into between the Customer (hereinafter the “Controller”) and Lettria (hereinafter the “Processor”), in accordance with Article 28 of Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (“GDPR”) and the French Act No. 78-17 of 6 January 1978 on information technology, data files and civil liberties in its version in force.

This DPA applies whenever the Customer submits, via the Perseus Platform (web console or API), personal data as part of text documents processed by the Service. It supplements the Terms and Conditions of Use to which it is attached and forms an integral part thereof. In the event of any conflict, this DPA shall prevail over the Terms with respect to the matters it governs.

Article 1. Personal data processing by Lettria as Processor

1.1 Description of the subprocessed processing

In connection with the Services, Lettria is required to process personal data in the name and on behalf of the Controller, in its capacity as Processor. The Controller acts as data controller within the meaning of the Applicable Regulations.

The characteristics of the processing (purposes, nature of the operations, types of data, categories of data subjects, duration of the processing) are described in Article 2 of this DPA.

1.2 Obligations of the Processor towards the Controller

1.2.1 Processing of the data. Lettria undertakes to process personal data only for the purposes listed in Article 2 of this DPA and in accordance with the documented instructions of the Controller, including with respect to transfers of data outside the European Union. Lettria undertakes to inform the Controller if, in its opinion, an instruction constitutes a breach of the Applicable Regulations.

If Lettria is required to carry out a transfer of data to a third country or to an international organization under the law applicable to the Contract, it must inform the Controller of this legal obligation prior to processing, unless the relevant law prohibits such information on important public-interest grounds.

Lettria ensures that the persons authorized to process personal data are subject to the obligation to maintain confidentiality and receive the necessary training in personal data protection.

No-training commitment for AI models. Lettria undertakes, in accordance with Article 11.3 of the Terms, that personal data contained in the Documents shall under no circumstances be used, by Lettria itself or by its Subprocessors, for the training, retraining, fine-tuning, evaluation or any other form of improvement of artificial intelligence models.

1.2.2 Subprocessors (general authorization with right to object).

The Controller authorizes Lettria to use the subprocessors (the “Subprocessors”) listed in Article 3 of this DPA to carry out specific processing activities (general authorization within the meaning of Article 28(2) of the GDPR).

In the event of a planned change concerning the addition or replacement of a Subprocessor, Lettria will inform the Controller by email at the address associated with the Account and by publication on the Platform, at least thirty (30) days before the actual implementation. The Controller then has a period of thirty (30) days to issue a reasoned written objection at dpo@lettria.com, solely on grounds relating to the protection of personal data.

In the event of a reasoned objection that is not resolved following good-faith discussions between the Parties within a reasonable period, the Controller may terminate the Contract free of charge and without additional notice. Lettria will ensure data portability under the conditions of Article 21 of the Terms.

The Subprocessor is required to comply with the obligations of this DPA on behalf of and in accordance with the instructions of the Controller. It is Lettria’s responsibility to ensure that the Subprocessor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the Applicable Regulations. If the Subprocessor fails to meet its data protection obligations, Lettria shall remain fully liable to the Controller for the performance of the Subprocessor’s obligations.

1.2.3 Transfers of personal data outside the European Union.

The Controller acknowledges and accepts that the provision of the Services involves transfers of personal data outside the European Union, in particular to the United States, to the Subprocessors identified in Article 3 of this DPA.

These transfers are framed by the appropriate safeguards provided for in Chapter V of the GDPR, including:

• the Standard Contractual Clauses adopted by the European Commission in its Implementing Decision (EU) 2021/914 of 4 June 2021 (the “SCCs”); and/or

• where applicable, the recipient’s certification under the Data Privacy Framework (“DPF”) pursuant to Commission Implementing Decision (EU) 2023/1795 of 10 July 2023, where the recipient is certified thereunder and the adequacy decision is in force; and/or

• Binding Corporate Rules (“BCR”) approved in accordance with Article 47 of the GDPR.

For each transfer to a third country not benefiting from an adequacy decision, Lettria has conducted a Transfer Impact Assessment in application of the Schrems II case law (CJEU, 16 July 2020, Case C-311/18) and, where appropriate, implements complementary technical, contractual and organizational measures. A summary of this assessment is made available to the Controller upon request sent to dpo@lettria.com.

Lettria ensures that its Subprocessors comply with the above safeguards and is liable in the event of non-compliance by such Subprocessors.

1.2.4 Assistance and provision of information.

Lettria undertakes to:

• respond as soon as possible to any request for information addressed to it by the Controller, whether in connection with a request from data subjects to exercise their rights, an impact assessment, a request from data protection authorities or the Controller’s data protection officer, or a prior consultation with the supervisory authority;

• forward to the Controller any request for the exercise of rights addressed directly to it by a data subject, upon receipt and to the contact address referenced on the Controller’s Account (or, failing that, to the email address associated with the Account);

• notify the Controller of any personal data breach as soon as possible and at the latest within forty-eight (48) hours after becoming aware of it, by email at the contact address referenced on the Controller’s Account (or, failing that, the email address associated with the Account) and by publication on the console dashboard where applicable. This notification shall contain the elements listed in Article 33(3) of the GDPR;

• to the extent possible, assist the Controller in meeting its obligation to respond to data subjects’ requests to exercise their rights as defined by the Applicable Regulations;

• immediately remedy the personal data breach and actively cooperate with the Controller in implementing the actions necessary to correct any malfunction at the origin or as a consequence of the breach, and to prevent the breach from recurring;

• not disclose any information relating to a personal data breach, except where such disclosure results from a legal or regulatory obligation or has been authorized by the Controller.

1.2.5 Security measures.

Lettria undertakes to take all useful precautions to preserve the confidentiality and security of personal data and in particular to prevent it from being distorted, damaged, diverted or communicated to unauthorized third parties, and more generally to implement all appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access.

These measures include in particular: encryption of data in transit and at rest, strict and logged access controls, logical separation of data between tenants, principle of least privilege, vulnerability management process, regular backups and restoration tests, business continuity and disaster recovery plans, staff awareness and training, and documented incident management procedures.

Lettria undertakes to take all measures in order to (i) guarantee the confidentiality, integrity, availability and constant resilience of the processing systems and services, (ii) restore the availability of personal data and access thereto within appropriate timeframes in the event of a physical or technical incident and (iii) regularly test, analyze and evaluate the effectiveness of these measures.

Lettria makes available to the Controller the documents relating to personal data security, including in particular the necessary technical documentation, the risk analyses produced and the detailed list of security measures implemented.

1.2.6 Fate of the data upon expiry of the Contract.

At the Controller’s choice expressed at the latest within thirty (30) days following the end of the Contract, Lettria undertakes to permanently delete the personal data or to return it to the Controller in an interoperable format, upon expiry of the Contract, whatever the cause, and not to keep any copy thereof, subject to any legal data retention obligations that may apply to it. In the absence of any choice expressed within this period, Lettria proceeds to permanent deletion.

Once the copies have been destroyed, Lettria justifies in writing the destruction upon the Controller’s request.

1.2.7 Documentation and audit.

Lettria states that it keeps in writing a record of all categories of processing activities carried out on behalf of the Controller, including the information listed in Article 30 of the GDPR.

Lettria makes available to the Controller, upon its request, all information and documents necessary to demonstrate compliance with its obligations and to allow the conduct of audits, including inspections, by the Controller or another auditor mandated by it (subject to an appropriate confidentiality undertaking), and contributes to such audits.

Audits are conducted with reasonable prior notice of at least thirty (30) days, at a maximum frequency of once per year (except in the event of a confirmed security incident or a reasoned request from a supervisory authority), during business hours and without excessively disrupting Lettria’s activity. Audit costs are borne by the Controller, except in the event of confirmed non-compliance with the Applicable Regulations identified at the end of the audit, in which case the costs are borne by Lettria. Lettria undertakes to remedy any identified non-compliance without delay and to provide the Controller with the written documents demonstrating that the non-compliance has been remedied.

Lettria may meet its audit obligations by making available recent audit reports (SOC 2, ISO 27001, etc.) or detailed security questionnaires.

1.2.8 Aggregated and anonymized statistics.

Lettria is expressly authorized to produce and use, for the sole purposes of improving, maintaining and monitoring the Platform, as well as for internal statistical purposes, aggregated and anonymized statistics derived from the use of the Service (notably volumes, processing times, error rates, statistical distribution of the types of entities extracted).

These statistics are produced using anonymization techniques compliant with Recital 26 of the GDPR and the recommendations of the European Data Protection Board, so that no re-identification of a person, Document or Customer is possible. Once anonymized within the meaning of the GDPR, these statistics no longer constitute personal data.

Apart from such use for aggregated and anonymized statistical purposes, in the event Lettria wishes to reuse the data for its own account, Lettria undertakes to obtain the prior written authorization of the Controller.

1.2.9 Data Protection Officer.

Lettria may be contacted for any question relating to this DPA and more generally to the protection of personal data at the following address: dpo@lettria.com.

1.2.10 Liability of the Processor.

The Parties acknowledge and agree that the liability caps provided for in Article 16 of the Terms do not apply to Lettria’s compliance with the provisions of this DPA. In the event of breach by Lettria of the obligations set out in this DPA, its liability is engaged under the conditions of common law, without application of the contractual caps.

Article 2. Description of the Processing

Article 3. List of Authorized Subprocessors

This list reflects the state of the Subprocessors as of the effective date of this DPA. Any change is notified to the Controller in accordance with Article 1.2.2.

Note: This list may be supplemented by ancillary subprocessors (transactional email delivery, internal productivity tools, support tools) the up-to-date list of which is available upon request at dpo@lettria.com and published on the Platform. Any change is notified in accordance with Article 1.2.2.