KAVIA AI – NDA ANNEX FOR CUSTOMER ENVIRONMENT ACCESS

Version 1.0
Last Updated: December 3, 2025

This NDA Annex (“Annex”) applies when a customer (“Customer”) grants Kavia AI, Inc. or its affiliates (“Kavia”) access to Customer’s internal environments, including but not limited to: private tenants, source code repositories, infrastructure systems, build tools, development environments, or any other non-public technical or business systems (“Customer Environment”).

This Annex is incorporated by reference into any Pilot Agreement, Order Form, Statement of Work, Terms of Service or other commercial agreement between Customer and Kavia (collectively, the "Underlying Agreement"). Capitalized terms not defined here have the meanings given in the Underlying Agreement.

By granting Kavia access to the Customer Environment, Customer agrees to the terms of this Annex.

1. Purpose

Kavia may access Customer’s Environment solely to provide onboarding, technical support, issue diagnosis, proof-of-concept work, evaluation assistance, or forward-deployment engineering services as described in the Underlying Agreement (“Purpose”).

2. Confidential Information

2.1 Definition

“Confidential Information” means any non-public information disclosed or made accessible by one party (“Discloser”) to the other party (“Recipient”), whether or not marked or identified as confidential, including:

  • source code, libraries, algorithms, models, build scripts
  • architecture diagrams, design documents, specifications
  • credentials, access tokens, environment metadata
  • product roadmaps, business plans, customer lists
  • internal tools, systems, processes, or workflows
  • technical, operational, financial, or strategic information

Confidential Information includes information accessible by Kavia inside Customer’s Environment even if not explicitly transmitted.

2.2 Exceptions

Confidential Information does not include information that:

  • is or becomes publicly available without breach;
  • was lawfully known to Recipient without confidentiality obligations;
  • is independently developed without reference to Confidential Information;
  • is lawfully obtained from a third party without breach.

In addition, and notwithstanding anything contained herein to the contrary, Recipient may disclose Discloser's confidential information to the extent compelled by applicable law; provided however, prior to such disclosure, Recipient shall provide prior written notice to Discloser and seek a protective order or such similar confidential protection as may be available under applicable law. Recipient must provide reasonable cooperation to Discloser to seek protective treatment and Recipient will disclose only what is legally required. Recipient bears the burden of proving an exception.

3. Use Restrictions

Recipient shall:

  • use Confidential Information solely for the Purpose;
  • not disclose it to any third party except as permitted below;
  • not reverse-engineer or attempt to reconstruct Customer’s proprietary systems;
  • not use Confidential Information to compete with the Discloser;
  • not store or copy Customer code outside the Customer Environment unless explicitly authorized in writing.

4. Personnel Access Controls

Kavia may disclose Customer Confidential Information only to its employees, and contractors bound by written confidentiality obligations at least as protective as this Annex and who have a strict need to know in order to deliver the Purpose. Kavia is responsible for any breaches by its personnel.

5. Security Requirements

Kavia will maintain reasonable administrative, technical, and physical safeguards designed to protect Confidential Information from unauthorized access, consistent with:

  • industry standards
  • the sensitivity of the information
  • Kavia’s internal security policies

If Customer imposes specific access protocols (e.g., VPN, SSO, MFA), Kavia will use commercially reasonable efforts to implement the same and otherwise comply. If Customer imposes specific access protocols (e.g., VPN, SSO, MFA), Kavia will use commercially reasonable efforts to implement the same and otherwise comply.

6. Return or Deletion

Upon Customer’s written request, Kavia will:

  • remove stored Confidential Information (if any)
  • destroy local working files (if any)
  • certify destruction as required

Routine backups or ephemeral logs maintained according to standard IT practices may be retained but remain subject to confidentiality.

7. No License

No rights to the other party's IP are granted under this Annex. Customer retains all rights in its code, data, and systems. Kavia retains all rights in its platform, software, models, and technology.

8. Duration

Confidentiality obligations survive for five (5) years from the date of disclosure, and indefinitely for trade secrets, as long as they remain trade secrets under applicable law.

  • for five (5) years from the date of disclosure,
  • and indefinitely for trade secrets, as long as they remain trade secrets under applicable law.

9. Remedies

Unauthorized disclosure or misuse may cause irreparable harm.

The Discloser is entitled to seek:

  • injunctive relief
  • equitable remedies
  • all other remedies available at law or in equity

without needing to prove monetary damages.

10. Conflict with Other Terms

If this Annex conflicts with the Underlying Agreement:

  • this Annex controls for matters involving confidentiality, access to Customer Environments, and protection of Customer source code and systems;
  • this Annex supplements but does not supersede Kavia's Terms of Service (consent required to use the SaaS Platform - available at https://kavia.ai/terms);
  • the Underlying Agreement controls for all other matters.

11. Governing Law

This Annex follows the governing law specified in the Underlying Agreement.

12. Updates and Versioning

Kavia may publish updates to this Annex. Updates will not apply retroactively to active pilots unless mutually agreed. Current and historical versions will be maintained at: Kavia may publish updates to this Annex. Updates will not apply retroactively to active pilots unless mutually agreed. Current and historical versions will be maintained at:

https://kavia.ai/legal/nda-annex

End of NDA Annex