Data Processing Agreement
This Data Processing Agreement (“DPA”) forms part of the Terms of Service (the “Agreement”) between Juron Labs, Inc. (“Juron”, “Processor”) and the customer agreeing to the Agreement (“Customer”, “Controller”). It governs the Processing of Personal Data by Juron on the Customer’s behalf in connection with the Service. Where the Customer itself acts as a processor for its own end customers, references to the Controller include the Customer acting in that capacity.
1. Roles & Scope
For the purposes of this DPA, the Customer is the Controller and Juron is the Processor of Customer Personal Data. This DPA applies to the extent Juron Processes Personal Data subject to data protection laws, including the EU and UK General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). For CCPA purposes, Juron acts as a “service provider” and does not “sell” or “share” Personal Data, and will not retain, use, or disclose it except to perform the Service.
2. Definitions
“Personal Data”, “Processing”, “Controller”, “Processor”, “Data Subject”, and “Personal Data Breach” have the meanings given in applicable data protection law. “Customer Personal Data” means Personal Data contained in Customer Data Processed by Juron under the Agreement. “Sub-processor” means a third party engaged by Juron to Process Customer Personal Data.
3. Processing Instructions
Juron will Process Customer Personal Data only on the Customer’s documented instructions — including as set out in the Agreement, this DPA, and the Customer’s configuration and use of the Service — unless required to act otherwise by law, in which case Juron will inform the Customer (unless legally prohibited). Juron will inform the Customer if, in its opinion, an instruction infringes applicable data protection law. Juron will not Process Customer Personal Data for its own purposes and will not use it to train, fine-tune, or evaluate any model.
4. Details of Processing
The subject matter, duration, nature, purpose, types of Personal Data, and categories of Data Subjects are described in Annex A.
5. Confidentiality
Juron ensures that personnel authorized to Process Customer Personal Data are bound by appropriate confidentiality obligations and Process the data only as instructed.
6. Security
Juron implements and maintains appropriate technical and organizational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, as described in Annex B. These measures take into account the state of the art, the costs of implementation, and the risks to Data Subjects.
7. Sub-processors
The Customer provides general authorization for Juron to engage Sub-processors. Current Sub-processors are listed in Annex C. Juron imposes data protection obligations on each Sub-processor that are substantially similar to those in this DPA and remains responsible for each Sub-processor’s performance. Juron will give the Customer at least fourteen (14) days’ notice of any new or replacement Sub-processor. The Customer may object on reasonable data-protection grounds, and the parties will work in good faith to resolve the objection; if it cannot be resolved, the Customer may terminate the affected portion of the Service.
8. Data Subject Rights
Taking into account the nature of the Processing, Juron will assist the Customer — by appropriate technical and organizational measures and insofar as possible — in responding to requests from Data Subjects exercising their rights under applicable law. If Juron receives such a request directly, it will, unless legally prohibited, direct the Data Subject to the Customer.
9. Personal Data Breach
Juron will notify the Customer without undue delay, and in any event within seventy-two (72) hours, after becoming aware of a Personal Data Breach affecting Customer Personal Data. The notification will describe the nature of the breach, the likely consequences, and the measures taken or proposed, and Juron will provide further information reasonably available to assist the Customer in meeting its own breach-notification obligations.
10. Impact Assessments
Juron will provide the Customer with reasonable assistance for data protection impact assessments and prior consultations with supervisory authorities, taking into account the nature of the Processing and the information available to Juron.
11. International Transfers
Customer tenants are hosted in the United States or the European Union, as selected by the Customer at onboarding. Where Customer Personal Data originating in the EEA, the United Kingdom, or Switzerland is transferred to a country without an adequacy decision, the transfer is made under the Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework. The Standard Contractual Clauses are incorporated into this DPA by reference and apply where required. The Customer may elect EU residency to keep Processing within the European Union.
12. Deletion & Return of Data
On termination or expiry of the Agreement, Juron will, at the Customer’s choice, delete or return Customer Personal Data and delete existing copies, except to the extent retention is required by law. Operational records may be exported by the Customer for thirty (30) days after termination, after which they are deleted in accordance with the Privacy Policy.
13. Audits
Juron will make available to the Customer information reasonably necessary to demonstrate compliance with this DPA, including third-party audit reports and certifications where available. Where that information is insufficient, the Customer may, on reasonable prior notice and no more than once per year (unless required by a supervisory authority), conduct an audit of Juron’s relevant practices, subject to confidentiality obligations and provided the audit does not unreasonably disrupt Juron’s operations.
14. Liability
Each party’s liability arising out of or related to this DPA is subject to the limitations and exclusions of liability set out in the Agreement.
15. Order of Precedence
In the event of a conflict between this DPA and the Agreement regarding the Processing of Personal Data, this DPA prevails. Where the Standard Contractual Clauses apply, they prevail over this DPA to the extent of any conflict.
16. Contact
Data protection inquiries: privacy@juron.ai. Data Protection Officer: dpo@juron.ai.
A. Annex A — Details of Processing
Subject matter. Provision of the Juron Service to the Customer.
Duration. The term of the Agreement, plus the retention periods set out in the Privacy Policy.
Nature and purpose. Hosting, executing, and logging automated operational actions on the Customer’s connected business systems; responding to requests; and providing onboarding and support.
Types of Personal Data. Names, business contact details, and job roles; account credentials in hashed form and two-factor secrets; connector metadata; operational records generated by the Service; and any Personal Data contained within the systems the Customer connects.
Categories of Data Subjects. The Customer’s personnel and authorized users; and the Customer’s own customers, leads, and contacts whose data is present in the systems the Customer connects.
B. Annex B — Technical & Organizational Measures
- Encryption. TLS 1.3 in transit; AES-256 at rest for stored data and backups.
- Tenant isolation. Each customer’s data resides in a logically isolated tenant with its own encryption keys.
- Access control. Production access is restricted, gated by hardware security keys, and audited; engineering personnel have no standing access to customer tenants.
- Audit logging. All actions executed by the Service are cryptographically signed and stored with their reasoning, inputs, and outcome.
- Resilience. Regular encrypted backups and a documented incident-response process.
- Personnel. Confidentiality obligations and security training for staff with access to Customer Personal Data.
- Certifications. SOC 2 Type II audit window opens Q3 2026; ISO 27001 is planned.
C. Annex C — Sub-processors
- Amazon Web Services — infrastructure hosting (US and EU regions)
- Stripe — billing and payment processing
- Anthropic / OpenAI — model inference, via the Customer’s BYOK provider and under the Customer’s contract
- Plaid / Persona — identity verification, where applicable
- Postmark — transactional email delivery
The current list of Sub-processors is also published at juron.ai/subprocessors. Material changes are notified to customer administrators by email at least fourteen (14) days in advance.