Breeze RMM — Hosted Terms of Service

Effective Date: April 8, 2026
Last Updated: April 8, 2026

1. Definitions

“Agreement” means these Terms of Service, together with any Order Form, Data Processing Addendum (“DPA”), Service Level Agreement (“SLA”), and Acceptable Use Policy (“AUP”), each as incorporated by reference.

“Agent Software” means the Breeze RMM software agent installed on Managed Devices to enable monitoring, management, and remote access functionality.

“Authorized User” means any individual granted access to the Platform by the Customer, including the Customer’s employees, contractors, and personnel.

“Breeze,” “we,” “us,” or “our” means Breeze RMM, Lantern Ops, LLC, a Colorado limited liability company.

“Confidential Information” means any non-public information disclosed by either party to the other in connection with this Agreement, including technical data, trade secrets, business plans, Customer Data, and security configurations.

“Customer,” “you,” or “your” means the entity or individual that enters into this Agreement to access and use the Platform in a professional capacity, including Managed Service Providers (MSPs), internal IT teams, and IT professionals or consultants.

“Customer Data” means all data, content, and information collected from or about Managed Devices, End Users, and Customer’s environment through the Platform or Agent Software, including but not limited to system metrics, hardware and software inventory, event logs, security scan results, script outputs, remote session data, and any files uploaded to or processed by the Platform.

“End User” means the owner, operator, or authorized user of a Managed Device, or a customer or client of the Customer on whose behalf the Customer uses the Platform.

“Managed Device” or “Endpoint” means any computer, server, mobile device, or network device on which the Agent Software is installed or which is otherwise monitored or managed through the Platform.

“Order Form” means any ordering document, online subscription form, or written agreement specifying the services, subscription tier, endpoint limits, and fees applicable to the Customer’s use of the Platform.

“Platform” or “Services” means the Breeze RMM hosted cloud platform, including the web-based management console, APIs, Agent Software, and all related services provided by Breeze.

“Service Data” means operational and telemetry data generated by the Platform itself regarding its operation, performance, and usage patterns, excluding Customer Data.

“Subscription Term” means the period of time during which the Customer is authorized to use the Platform as specified in the applicable Order Form.

2. Agreement and Acceptance

2.1 Binding Agreement

By accessing or using the Platform, creating an account, installing the Agent Software, or executing an Order Form, you agree to be bound by this Agreement. If you are entering into this Agreement on behalf of an organization, you represent that you have authority to bind that organization.

2.2 Order of Precedence

In the event of a conflict between documents, the following order of precedence applies (highest to lowest):

1. Data Processing Addendum (DPA)
2. Order Form
3. These Terms of Service
4. Service Level Agreement
5. Acceptable Use Policy
6. Documentation

2.3 Changes to Terms

We may modify these Terms with at least thirty (30) days’ prior written notice via email to the account owner or in-app notification. Continued use of the Platform after the notice period constitutes acceptance of the modified Terms. If you object to any modification, you may terminate this Agreement by providing written notice within thirty (30) days of notification, and your termination will be effective at the end of the then-current Subscription Term. For EU Customers, see Section 24.3 regarding material changes.

3. License Grant and Restrictions

3.1 License Grant

Subject to the terms of this Agreement and payment of applicable fees, Breeze grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable right to:

1. Access and use the Platform during the Subscription Term;
2. Install and operate the Agent Software on Managed Devices solely for the purpose of receiving managed monitoring and management services; and
3. Permit Authorized Users to access the Platform in accordance with your subscription tier.

3.2 Permitted Use

The hosted Platform is intended for professional use. You may use the Platform for any of the following purposes, provided you have proper authorization to monitor and manage each Managed Device:

1. Managed Service Providers (MSPs): to deliver managed IT services to your clients (“End Users”);
2. Internal IT teams: to monitor and manage devices owned or operated by your organization; and
3. IT professionals and consultants: to manage devices for clients under a direct service relationship.

You may not use the Platform to monitor or access devices you are not authorized to manage, or for any purpose prohibited by Section 7 (Acceptable Use Policy).

Personal and non-commercial use. The hosted Platform is not intended for individual home users, hobbyists, or personal device management. Individuals who want to monitor and manage their own devices outside a professional context are encouraged to use the open-source, self-hosted version of Breeze RMM available at github.com/lanternops/breeze, which is governed by its own open-source license rather than this Agreement.

3.3 License Restrictions

You shall not, and shall not permit any third party to:

1. Reverse engineer, decompile, disassemble, or attempt to derive the source code of the Platform or Agent Software;
2. Modify, adapt, translate, or create derivative works based on the Platform;
3. Sublicense, rent, lease, loan, sell, resell, or distribute the Platform or access thereto;
4. Use the Platform to build a competing product or service, or for competitive benchmarking;
5. Circumvent or disable any security, licensing, or access control mechanisms;
6. Exceed the endpoint count, user limits, or other usage restrictions specified in your Order Form;
7. Remove, alter, or obscure any proprietary notices or labels;
8. Use the Platform in violation of any applicable law, regulation, or third-party right; or
9. Access the Platform through any automated means (bots, scrapers) except through approved APIs.

4. Agent Software

4.1 System-Level Access

You acknowledge and agree that the Agent Software operates with elevated system privileges (SYSTEM on Windows, root on macOS/Linux) on Managed Devices. This level of access is necessary to provide the monitoring, management, remote access, and remediation capabilities of the Platform.

4.2 Agent Capabilities

The Agent Software is designed to perform the following functions on Managed Devices:

1. Monitoring: Collect and transmit system metrics (CPU, memory, disk, network), hardware inventory, software inventory, security status, event logs, user session data, and network configuration;
2. Command Execution: Execute commands, scripts (PowerShell, Bash, Python, CMD), and system operations as directed by Authorized Users through the Platform;
3. Remote Access: Enable remote desktop viewing and control, terminal access, file operations, and clipboard synchronization;
4. Patching: Download, install, and manage operating system and third-party software updates;
5. Security: Perform security scans, enforce security policies, manage firewall and encryption settings, and execute threat remediation actions;
6. Configuration: Apply configuration policies, manage Windows registry settings, and enforce compliance baselines (e.g., CIS benchmarks);
7. Discovery: Perform network discovery (ARP, ICMP, port scanning) to identify devices on managed networks; and
8. Automation: Execute automated workflows, playbooks, and scheduled tasks.

4.3 Agent Updates

Breeze may, from time to time, update the Agent Software to add features, fix bugs, or address security vulnerabilities. You agree to maintain the Agent Software at a supported version. Breeze reserves the right to cease support for Agent Software versions more than two (2) major versions behind the current release.

4.4 Agent Authentication

Each Agent Software instance is authenticated using cryptographic tokens hashed with SHA-256. Optional mutual TLS (mTLS) authentication is available for enhanced security. You are responsible for safeguarding agent enrollment tokens and credentials.

5. Remote Access and Privileged Operations

5.1 Remote Desktop and Terminal Access

The Platform provides remote desktop viewing and control (via WebRTC) and terminal access (via encrypted WebSocket connections) to Managed Devices. These capabilities allow Authorized Users to:

1. View and interact with the desktop of a Managed Device in real-time, including multi-monitor support;
2. Control mouse and keyboard input on the Managed Device;
3. Access command-line terminals with full shell capabilities;
4. Transfer files to and from Managed Devices; and
5. Synchronize clipboard content between the Authorized User’s device and the Managed Device.

5.2 End User Consent and Notification

You are solely responsible for obtaining and maintaining proper authorization and consent from End Users (or the owners of Managed Devices) before deploying the Agent Software and using remote access capabilities. This includes:

1. Informing End Users that monitoring software is installed and active on their devices;
2. Disclosing the scope of data collection and remote access capabilities;
3. Obtaining affirmative consent for remote desktop control of attended devices (devices with an active user session);
4. Complying with all applicable laws regarding electronic monitoring, consent, and privacy in the jurisdictions where Managed Devices are located; and
5. Maintaining written records of such authorization and consent.

5.3 Unattended Access

Unattended remote access (to servers, kiosks, or devices without an active user) is permitted only when the Customer has proper authorization from the device owner, whether through a managed services agreement or internal IT policy.

5.4 Session Logging

All remote access sessions (desktop and terminal) are logged in the Platform’s audit trail, including the Authorized User who initiated the session, start and end timestamps, and the target Managed Device.

6. AI-Powered Features

6.1 AI Agent Capabilities

The Platform includes AI-powered features (“AI Agent”) that use large language models to assist with device management, troubleshooting, and automation. The AI Agent can:

1. Query device status, metrics, and inventory;
2. Analyze alerts, logs, and security posture;
3. Execute commands, scripts, and remediation actions on Managed Devices;
4. Create and manage automation workflows;
5. Capture and analyze screenshots of Managed Device screens; and
6. Perform file operations, patch management, and configuration changes.

6.2 AI Guardrails and Approval Workflows

The Platform provides configurable guardrails for AI Agent actions, including:

1. Tool Tiers: Actions are classified into tiers (read-only, write, dangerous) with escalating approval requirements;
2. Approval Modes: Per-step approval, action plan approval, auto-approve, or hybrid modes;
3. Budget Controls: Configurable daily and monthly cost limits; and
4. Rate Limiting: Per-user and per-organization rate limits on AI usage.

6.3 AI Limitations and Disclaimers

You acknowledge that:

1. The AI Agent is a tool to assist human operators and is not a substitute for qualified IT professionals;
2. AI-generated recommendations and actions may contain errors and should be reviewed by qualified personnel;
3. You are solely responsible for configuring appropriate approval workflows and guardrails;
4. You are solely responsible for all actions taken by the AI Agent on your behalf, whether approved manually or auto-approved; and
5. Breeze does not guarantee the accuracy, completeness, or suitability of AI-generated outputs for any particular purpose.

6.4 AI Data Processing

Prompts, responses, and tool execution data from AI interactions may be processed by third-party AI model providers (currently Anthropic) in accordance with their applicable terms and our DPA. Breeze does not use Customer Data submitted to the AI Agent to train AI models.

7. Acceptable Use Policy

7.1 Prohibited Activities

You shall not, and shall not permit any Authorized User or third party to, use the Platform to:

1. Unauthorized Access: Deploy Agent Software on devices without proper authorization from the device owner, or access systems or data beyond the scope of your authorization under a managed services agreement or internal IT policy;
2. Surveillance and Harassment: Monitor, surveil, stalk, or harass individuals without their knowledge and proper legal authorization; use remote access capabilities to spy on or record individuals without consent;
3. Malicious Use: Use the Platform as a backdoor, remote access trojan (RAT), or persistence mechanism for unauthorized access; deploy malware, ransomware, or other malicious code via the Platform;
4. Attack Facilitation: Conduct cyberattacks against third-party systems using Managed Devices; use network discovery or scanning capabilities against networks you are not authorized to scan; perform credential dumping, unauthorized privilege escalation, or lateral movement;
5. Security Circumvention: Circumvent, disable, or tamper with endpoint security tools (antivirus, EDR, firewall) via Agent privileges, except as part of authorized security management;
6. Data Exfiltration: Collect or extract data from Managed Devices beyond the scope of authorized monitoring and management activities;
7. Unlawful Activity: Use the Platform in violation of any applicable law, regulation, or industry standard, including but not limited to privacy laws, export controls, and anti-corruption statutes;
8. Platform Abuse: Attempt to gain unauthorized access to the Platform, other customers’ data, or Breeze’s internal systems; interfere with or disrupt the Platform’s operation or security; or use the Platform to conduct denial-of-service attacks;
9. Competitive Use: Use the Platform for competitive analysis, benchmarking, or to build a competing product; or
10. Resale Without Authorization: Resell or redistribute access to the Platform without a written reseller agreement.

7.2 Enforcement

Breeze reserves the right to investigate suspected violations of this AUP and to suspend or terminate access to the Platform for confirmed violations. In cases of suspected illegal activity, Breeze may report the activity to appropriate law enforcement authorities.

7.3 Abuse Monitoring

Consistent with CISA guidance on securing remote access software, Breeze monitors for anomalous usage patterns that may indicate compromise or abuse of the Platform, including but not limited to mass deployment from trial accounts, unusual scripting activity, and access from sanctioned jurisdictions.

8. Customer Obligations

8.1 Authorization and Consent

You shall:

1. Maintain proper written authorization from End Users (or device owners) for all Managed Devices;
2. Ensure End Users are informed that the Agent Software is installed and operational;
3. Comply with all applicable consent, notification, and privacy requirements in each jurisdiction where Managed Devices are located;
4. Maintain records of such authorization and consent and provide them to Breeze upon reasonable request; and
5. Ensure that your use of the Platform complies with your own agreements with End Users.

8.2 Account Security

You shall:

1. Maintain strong, unique passwords for all Authorized User accounts;
2. Enable multi-factor authentication (MFA) for all accounts with administrative privileges;
3. Restrict access to the minimum number of Authorized Users necessary;
4. Promptly revoke access for personnel who no longer require it;
5. Not share credentials or allow unauthorized access to your account; and
6. Notify Breeze immediately upon discovering any unauthorized access or security breach affecting your account.

8.3 Responsible Use

You shall:

1. Test all scripts, automations, and configuration policies in a non-production environment before deploying to production Managed Devices;
2. Maintain the Agent Software at a supported version;
3. Configure appropriate AI guardrails and approval workflows before enabling AI-powered features;
4. Review and verify AI-generated recommendations before applying them to production systems;
5. Maintain appropriate backups of Managed Device data independent of the Platform; and
6. Report any suspected security vulnerabilities in the Platform to Breeze promptly through our responsible disclosure process.

9. Data Ownership and Processing

9.1 Customer Data Ownership

You retain all right, title, and interest in and to your Customer Data. Breeze acquires no ownership rights in Customer Data.

9.2 License to Process

You grant Breeze a limited, non-exclusive license to collect, store, process, and transmit Customer Data solely as necessary to provide and maintain the Platform and perform our obligations under this Agreement.

9.3 Data Processing Roles

1. Customer as Controller/Business: You determine the purposes and means of processing personal data collected through the Platform;
2. Breeze as Processor/Service Provider: Breeze processes personal data solely on your behalf and in accordance with your documented instructions; and
3. End User Relationships: You are responsible for establishing appropriate data processing agreements with your End Users for data collected through the Platform.

9.4 Data Processing Addendum

The processing of personal data under this Agreement is governed by our Data Processing Addendum (DPA), which is incorporated by reference. The DPA addresses:

1. GDPR Article 28 processor obligations;
2. CCPA/CPRA service provider obligations;
3. Standard Contractual Clauses (SCCs) for international data transfers;
4. Sub-processor management, notification, and objection procedures;
5. Data subject rights assistance;
6. Security measures and breach notification; and
7. Data deletion and return upon termination.

For EU Customers, international transfers of personal data are conducted under the Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914). See Section 24.5 for additional details.

9.5 Service Data

Breeze may collect and use Service Data (operational telemetry about Platform usage, performance, and availability) to operate, maintain, and improve the Platform. Service Data does not include Customer Data. Breeze may use anonymized, aggregated Service Data for product improvement and industry benchmarking, provided such data cannot be used to identify any Customer, End User, or Managed Device.

9.6 Sub-Processors

A current list of sub-processors is maintained at breezermm.com/legal/sub-processors. Breeze will notify you at least thirty (30) days before engaging a new sub-processor. If you object to a new sub-processor, the parties will negotiate in good faith to resolve the concern. If no resolution is reached within thirty (30) days, you may terminate the affected services without penalty.

9.7 No Sale of Data

Breeze does not sell, share, or disclose Customer Data to third parties for advertising, marketing, or any commercial purpose unrelated to providing the Platform.

10. Privacy and Data Collection

10.1 Data Categories Collected

The Agent Software and Platform collect the following categories of data from Managed Devices:

10.2 Data Collection Frequency

• Heartbeat data (metrics, status): Periodic intervals (configurable, typically 60–300 seconds)
• Inventory data (hardware, software): On change detection and periodic full sync
• Event logs: Shipped in batches approximately every 60 seconds
• Security scans: On-demand and scheduled
• Remote session data: Only during active remote access sessions
• AI data: Only during active AI interactions

10.3 Data Minimization

The Platform collects only data necessary to provide the monitoring, management, security, and automation features described in this Agreement. Customers may configure data collection settings to limit the scope of collection where the Platform provides such options.

11. Security Commitments

11.1 Infrastructure Security

Breeze implements and maintains the following security measures:

1. Encryption in Transit: All data transmitted between the Agent Software, Platform, and users is encrypted using TLS 1.2 or higher. Remote desktop sessions use DTLS/SRTP via WebRTC;
2. Encryption at Rest: Customer Data stored in databases is encrypted at rest using AES-256;
3. Authentication: Multi-factor authentication (MFA) is available for all user accounts; agent authentication uses SHA-256 hashed tokens with optional mutual TLS (mTLS);
4. Access Control: Role-based access control (RBAC) with granular permissions; principle of least privilege enforced;
5. Multi-Tenant Isolation: Customer data is logically isolated using organization-scoped access controls and row-level security (RLS) policies;
6. Rate Limiting: Redis-backed sliding window rate limiting to prevent brute-force attacks and API abuse;
7. Audit Logging: Comprehensive, tamper-resistant audit logs of all administrative actions, API calls, remote access sessions, and AI interactions; and
8. Network Security: Firewall rules, intrusion detection, and DDoS mitigation.

11.2 Organizational Security

1. Background checks for personnel with access to Customer Data;
2. Security awareness training for all employees;
3. Least-privilege access for internal systems with regular access reviews;
4. Incident response plan with regular testing; and
5. Business continuity and disaster recovery procedures.

11.3 Compliance Audits

1. Breeze is working toward SOC 2 Type II certification covering the Trust Service Criteria for Security, Availability, and Confidentiality. Breeze will undergo independent audits on an annual basis once certification is achieved;
2. Breeze plans to engage qualified third-party security firms for annual penetration testing as the Platform matures;
3. Once available, audit reports and penetration test summaries will be made available to Customers under NDA upon written request; and
4. Customers may request current compliance documentation at any time, and Breeze will provide available documentation together with a good-faith update on certification progress.

11.4 Security Incident Response

In the event of a confirmed security incident affecting Customer Data:

1. Breeze will notify the affected Customer within seventy-two (72) hours of confirmation;
2. Notification will include: nature of the incident, categories of data affected, approximate number of records affected, likely consequences, and remediation measures taken;
3. Breeze will provide ongoing updates as the investigation progresses;
4. A post-incident report with root cause analysis and preventive measures will be provided within thirty (30) days of incident resolution; and
5. For EU Customers, Breeze will provide all information reasonably necessary for the Customer to fulfill its own notification obligations to supervisory authorities under GDPR Article 33 and to affected data subjects under Article 34.

12. Service Level Agreement

12.1 Uptime Commitment

Breeze commits to 99.9% monthly uptime for the hosted Platform, measured as the percentage of total minutes in the calendar month during which the Platform is available.

12.2 Exclusions

The following are excluded from uptime calculations:

1. Scheduled maintenance windows (announced at least 48 hours in advance);
2. Emergency maintenance necessary to address security vulnerabilities;
3. Downtime caused by factors outside Breeze’s reasonable control (force majeure);
4. Issues caused by Customer’s equipment, software, or network connectivity;
5. Issues caused by third-party services or integrations not operated by Breeze; and
6. Agent Software performance issues attributable to the Managed Device’s hardware, OS, or network conditions.

12.3 Service Credits

Service Credits must be requested in writing within thirty (30) days of the incident. Credits are applied to future invoices and shall not exceed 50% of the monthly fees for the affected month. Service Credits are the sole and exclusive remedy for failure to meet the uptime commitment.

12.4 Agent Software Availability

Agent Software performance depends on the Managed Device’s resources, network connectivity, and operating system. Breeze does not provide an SLA for Agent Software uptime on individual Managed Devices but commits to providing timely bug fixes, security patches, and support for agent connectivity issues.

13. Support

13.1 Support Tiers

13.2 Support Channels

Support is available via email, in-app chat, and documentation portal. Support hours and additional channels (phone, dedicated account manager) may vary by subscription tier as specified in the Order Form.

14. Fees and Payment

14.1 Subscription Fees

Customer shall pay the subscription fees specified in the applicable Order Form. Fees are based on the number of Managed Devices, subscription tier, and any add-on features selected.

14.2 Payment Terms

Unless otherwise specified in the Order Form, invoices are due within thirty (30) days of the invoice date. Overdue amounts accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law.

14.3 Taxes

Fees are exclusive of all taxes, levies, and duties. Customer is responsible for all applicable taxes, excluding taxes based on Breeze’s net income.

14.4 Price Changes

Breeze may adjust pricing for renewal terms with at least sixty (60) days’ prior written notice before the start of the next renewal period.

14.5 Overage

If Customer exceeds the endpoint count specified in the Order Form, Breeze will notify Customer and may charge for additional endpoints at the then-current per-endpoint rate.

14.6 Auto-Renewal

Subscriptions automatically renew for successive periods of the same duration as the initial Subscription Term unless either party provides written notice of non-renewal at least sixty (60) days prior to the end of the then-current term.

15. Intellectual Property

15.1 Breeze IP

The Platform, Agent Software, documentation, and all related intellectual property rights are and remain the sole and exclusive property of Breeze and its licensors. This Agreement does not convey any ownership rights in the Platform.

15.2 Customer IP

Customer retains all ownership rights in Customer Data, proprietary scripts, automation configurations, and other content created by Customer within the Platform. Customer grants Breeze only the limited license described in Section 9.2.

15.3 Feedback

If Customer provides suggestions, enhancement requests, or other feedback regarding the Platform (“Feedback”), Breeze may freely use such Feedback without obligation or compensation to Customer.

15.4 Third-Party Components

The Platform incorporates third-party open-source and commercial components. Applicable third-party license notices are available at breezermm.com/legal/third-party-notices. Third-party components include, but are not limited to, Cisco OpenH264 (BSD license) for video encoding.

16. Confidentiality

16.1 Obligations

Each party agrees to: (a) maintain the confidentiality of the other party’s Confidential Information using at least the same degree of care it uses for its own confidential information, but no less than reasonable care; (b) not disclose Confidential Information to any third party except as necessary to perform obligations under this Agreement; and (c) not use Confidential Information for any purpose outside this Agreement.

16.2 Exceptions

Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was rightfully known to the receiving party prior to disclosure; (c) is independently developed without reference to the Confidential Information; or (d) is rightfully received from a third party without restriction.

16.3 Required Disclosures

A party may disclose Confidential Information if required by law, regulation, or court order, provided the disclosing party (to the extent legally permitted) gives prompt written notice to the other party to allow them to seek protective measures.

17. Warranty Disclaimers

17.1 As-Is

EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PLATFORM AND AGENT SOFTWARE ARE PROVIDED “AS IS” AND “AS AVAILABLE.” BREEZE DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, AND QUIET ENJOYMENT. NOTHING IN THIS SECTION EXCLUDES OR LIMITS WARRANTIES OR RIGHTS THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE MANDATORY LAW, INCLUDING EU CONSUMER AND DIGITAL CONTENT LEGISLATION.

17.2 No Security Guarantee

BREEZE DOES NOT WARRANT THAT THE PLATFORM WILL DETECT ALL SECURITY THREATS, PREVENT ALL DATA BREACHES, OR PROTECT AGAINST ALL FORMS OF CYBERATTACK. THE PLATFORM IS A TOOL TO ASSIST IN SECURITY MANAGEMENT AND IS NOT A GUARANTEE OF SECURITY.

17.3 No Uptime Guarantee Beyond SLA

EXCEPT FOR THE SERVICE CREDITS DESCRIBED IN SECTION 12, BREEZE DOES NOT GUARANTEE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE OPERATION OF THE PLATFORM.

17.4 No Professional Advice

THE PLATFORM IS NOT INTENDED TO PROVIDE LEGAL, REGULATORY, FINANCIAL, SECURITY, OR COMPLIANCE ADVICE AND IS NOT A SUBSTITUTE FOR QUALIFIED PROFESSIONAL ADVISORS. CUSTOMER IS SOLELY RESPONSIBLE FOR ENSURING ITS USE OF THE PLATFORM COMPLIES WITH APPLICABLE LAWS AND INDUSTRY STANDARDS.

17.5 Third-Party Integrations

BREEZE DOES NOT WARRANT THE AVAILABILITY, ACCURACY, OR PERFORMANCE OF THIRD-PARTY INTEGRATIONS (INCLUDING BUT NOT LIMITED TO SENTINELONE, HUNTRESS, PSA SYSTEMS, AND DNS SECURITY PROVIDERS). CUSTOMER’S USE OF THIRD-PARTY INTEGRATIONS IS SUBJECT TO THE APPLICABLE THIRD-PARTY TERMS.

17.6 AI Features

AI-POWERED FEATURES ARE PROVIDED AS ASSISTIVE TOOLS AND MAY PRODUCE INACCURATE, INCOMPLETE, OR INAPPROPRIATE OUTPUTS. BREEZE MAKES NO WARRANTIES REGARDING THE ACCURACY, RELIABILITY, OR SUITABILITY OF AI-GENERATED CONTENT OR ACTIONS. CUSTOMER IS RESPONSIBLE FOR REVIEWING AND VALIDATING ALL AI OUTPUTS BEFORE ACTING UPON THEM.

18. Limitation of Liability

18.1 Exclusion of Indirect Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, DATA (EXCEPT AS PROVIDED IN THE DPA), BUSINESS, OR GOODWILL, ARISING OUT OF OR RELATED TO THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE) AND REGARDLESS OF WHETHER SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

18.2 Liability Cap

EXCEPT FOR THE CARVE-OUTS IN SECTION 18.4, EACH PARTY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES ACTUALLY PAID OR PAYABLE BY CUSTOMER TO BREEZE IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

18.3 Enhanced Cap for Data Breaches

FOR CLAIMS ARISING FROM A BREACH OF SECTION 11 (SECURITY COMMITMENTS) OR A DATA BREACH CAUSED BY BREEZE’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, BREEZE’S TOTAL LIABILITY SHALL NOT EXCEED TWO TIMES (2X) THE TOTAL FEES ACTUALLY PAID OR PAYABLE BY CUSTOMER IN THE TWELVE (12) MONTHS PRECEDING THE INCIDENT.

18.4 Carve-Outs

The limitations in Sections 18.1 and 18.2 shall not apply to:

1. Either party’s indemnification obligations under Section 19;
2. Breeze’s liability for gross negligence or willful misconduct;
3. Customer’s obligation to pay fees due under this Agreement;
4. Customer’s breach of Section 3.3 (License Restrictions) or Section 7 (Acceptable Use Policy);
5. Either party’s breach of Section 16 (Confidentiality); or
6. Liability that cannot be limited under applicable law (e.g., death or personal injury caused by negligence).

18.5 Essential Basis

THE LIMITATIONS AND EXCLUSIONS IN THIS SECTION 18 REFLECT A FAIR ALLOCATION OF RISK BETWEEN THE PARTIES AND FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN THE PARTIES. THE PLATFORM WOULD NOT BE PROVIDED WITHOUT THESE LIMITATIONS.

18.6 Customer-Deployed Content

BREEZE SHALL HAVE NO LIABILITY FOR DAMAGES ARISING FROM SCRIPTS, AUTOMATIONS, CONFIGURATION POLICIES, OR OTHER CONTENT CREATED, CONFIGURED, OR DEPLOYED BY CUSTOMER OR ITS AUTHORIZED USERS THROUGH THE PLATFORM. CUSTOMER IS SOLELY RESPONSIBLE FOR TESTING AND VALIDATING ALL DEPLOYMENTS.

19. Indemnification

19.1 Breeze Indemnification

Breeze shall defend, indemnify, and hold harmless Customer from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys’ fees) arising from:

1. Breeze’s infringement of a third party’s intellectual property rights by the Platform as provided by Breeze (excluding claims arising from Customer’s modifications, combinations with non-Breeze products, or use in violation of this Agreement);
2. Breeze’s material breach of the DPA; or
3. Breeze’s gross negligence or willful misconduct.

19.2 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Breeze from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys’ fees) arising from:

1. Customer’s breach of this Agreement, including the Acceptable Use Policy;
2. Customer’s violation of applicable law;
3. Claims by End Users or third parties arising from Customer’s use of the Platform, including failure to obtain proper consent or authorization;
4. Customer Data or content uploaded, created, or deployed by Customer through the Platform;
5. Customer’s negligence or willful misconduct; or
6. Customer’s infringement of third-party intellectual property rights through Customer’s modifications, configurations, or combinations with non-Breeze products.

19.3 Indemnification Process

The indemnified party shall: (a) provide prompt written notice of any claim; (b) grant the indemnifying party sole control of the defense and settlement (provided that no settlement that imposes obligations on the indemnified party may be made without consent); and (c) provide reasonable cooperation at the indemnifying party’s expense.

20. Term and Termination

20.1 Term

This Agreement is effective as of the date you first accept it and continues for the Subscription Term specified in the Order Form, subject to auto-renewal as described in Section 14.6.

20.2 Termination for Cause

Either party may terminate this Agreement upon written notice if:

1. The other party materially breaches this Agreement and fails to cure such breach within thirty (30) days of written notice; or
2. The other party becomes insolvent, files for bankruptcy, or ceases to operate in the ordinary course of business.

20.3 Termination for Non-Payment

Breeze may terminate this Agreement or suspend access to the Platform if Customer fails to pay undisputed fees within ten (10) business days of written notice of non-payment.

20.4 Immediate Termination

Breeze may immediately suspend or terminate access to the Platform without prior notice if:

1. Customer’s use of the Platform poses a security risk to the Platform or other customers;
2. Customer is in material violation of the Acceptable Use Policy; or
3. Required by law enforcement or regulatory authority.

Breeze will provide notice as soon as reasonably practicable after such suspension or termination.

20.5 Effect of Termination

Upon termination:

1. All rights and licenses granted to Customer under this Agreement immediately cease;
2. Customer shall immediately cease using the Platform and uninstall all Agent Software from Managed Devices;
3. Customer shall pay all fees accrued through the termination date;
4. Sections that by their nature should survive termination shall survive, including Sections 9, 15, 16, 17, 18, 19, 21, 23, and 24; and
5. Data handling shall proceed in accordance with Section 21.

21. Data Portability and Post-Termination

21.1 Data Export

During the Subscription Term and for thirty (30) days following termination (“Data Retrieval Period”), Customer may export Customer Data through the Platform’s API or by written request to Breeze support. Breeze will provide data in a standard, machine-readable format (JSON or CSV).

21.2 Data Deletion

After the Data Retrieval Period, Breeze will permanently delete all Customer Data from active systems within thirty (30) days. Data may persist in encrypted backups for up to ninety (90) days, after which it will be purged from all backup systems.

21.3 Transition Assistance

Upon request during the Data Retrieval Period, Breeze will provide reasonable assistance to facilitate Customer’s transition to an alternative provider, including:

1. Data export in machine-readable formats;
2. API access for programmatic data retrieval; and
3. Documentation of data schemas and formats.

Transition assistance beyond standard data export may be subject to Breeze’s then-current professional services rates.

21.4 Agent Decommissioning

Upon termination, Customer is responsible for uninstalling the Agent Software from all Managed Devices. Breeze may provide remote uninstall capabilities or instructions to assist with decommissioning.

22. Compliance and Export Controls

22.1 Export Controls

The Platform and Agent Software may be subject to U.S. export control laws, including the Export Administration Regulations (EAR). Customer shall not export, re-export, or transfer the Platform or Agent Software in violation of applicable export control laws. Customer represents that it is not located in, or a national of, any U.S.-embargoed country and is not on any U.S. government restricted party list.

22.2 Anti-Corruption

Each party represents that it has not and will not make any improper payments to government officials or engage in bribery in connection with this Agreement, in compliance with the U.S. Foreign Corrupt Practices Act (FCPA) and applicable anti-corruption laws.

22.3 Regulatory Compliance

Customer is solely responsible for ensuring that its use of the Platform complies with all applicable laws and regulations in the jurisdictions where it operates and where Managed Devices are located, including but not limited to:

1. HIPAA: If Customer manages devices in healthcare environments, Customer is responsible for executing a Business Associate Agreement (BAA) with Breeze and configuring the Platform accordingly;
2. PCI-DSS: If Customer manages environments processing payment card data;
3. GDPR: If Managed Devices are located in the European Economic Area;
4. CCPA/CPRA: If Customer or End Users are California residents; and
5. State and local privacy laws: Including employee monitoring notification requirements.

22.4 Government Use

If Customer is a U.S. government entity, the Platform and Agent Software are “commercial computer software” and “commercial computer software documentation” as defined in DFAR 252.227-7014 and FAR 12.212, and use is subject to the terms of this Agreement.

23. General Provisions

23.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Colorado, without regard to its conflict of laws principles.

23.2 Dispute Resolution

Any dispute arising under this Agreement shall first be subject to good-faith negotiation for a period of thirty (30) days. If unresolved, disputes shall be submitted to binding arbitration under the rules of the American Arbitration Association (AAA) in Larimer County, Colorado. Each party bears its own costs; the arbitrator may award attorneys’ fees to the prevailing party. Nothing in this section prevents either party from seeking injunctive relief in any court of competent jurisdiction.

23.3 Statute of Limitations

Any claim arising under this Agreement must be filed within two (2) years of the date the claiming party knew or should have known of the claim.

23.4 Waiver of Jury Trial

EACH PARTY IRREVOCABLY WAIVES ANY RIGHT TO A JURY TRIAL IN ANY PROCEEDING ARISING OUT OF OR RELATED TO THIS AGREEMENT.

23.5 Class Action Waiver

ALL DISPUTES SHALL BE RESOLVED ON AN INDIVIDUAL BASIS. NEITHER PARTY SHALL BRING OR PARTICIPATE IN ANY CLASS ACTION, CONSOLIDATED ACTION, OR REPRESENTATIVE ACTION.

23.6 Force Majeure

Neither party shall be liable for delays or failures in performance resulting from events beyond its reasonable control, including but not limited to natural disasters, acts of war or terrorism, cyberattacks against infrastructure providers, pandemics, government actions, or failure of third-party services. This section does not apply to payment obligations. If a force majeure event continues for more than ninety (90) days, either party may terminate this Agreement upon written notice.

23.7 Assignment

Customer may not assign this Agreement without Breeze’s prior written consent. Breeze may assign this Agreement in connection with a merger, acquisition, or sale of substantially all of its assets, provided the assignee assumes all obligations under this Agreement. Any attempted assignment in violation of this section is void.

23.8 Severability

If any provision of this Agreement is held invalid or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving the parties’ original intent.

23.9 Entire Agreement

This Agreement, together with all Order Forms, the DPA, and documents incorporated by reference, constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior agreements, understandings, and representations.

23.10 Notices

Notices under this Agreement shall be in writing and sent to the email address associated with the Customer’s account (for notices to Customer) or to legal@lanternops.io (for notices to Breeze). Notices are deemed received upon confirmed delivery.

23.11 No Third-Party Beneficiaries

This Agreement does not create any third-party beneficiary rights, except that Breeze’s indemnification obligations under Section 19.1 extend to Customer’s officers, directors, and employees.

23.12 Relationship of the Parties

The parties are independent contractors. This Agreement does not create any agency, partnership, joint venture, or employment relationship.

23.13 Vendor Access

Customer acknowledges and consents to Breeze remotely interacting with deployed Agent Software for the purpose of testing, troubleshooting, providing support, or delivering updates, subject to Breeze’s security and access policies.

24. EU-Specific Terms

The following terms apply to any Customer established in the European Economic Area (EEA), the United Kingdom, or Switzerland (each, an “EU Customer”). In the event of a conflict between this Section 24 and the remainder of this Agreement, this Section 24 prevails for EU Customers.

24.1 Applicability

An “EU Customer” is any Customer whose primary place of establishment is in the EEA, the United Kingdom, or Switzerland, or whose use of the Platform involves the processing of personal data of data subjects located in those regions.

24.2 Governing Law and Jurisdiction

Notwithstanding Section 23.1, for EU Customers:

1. This Agreement shall be governed by and construed in accordance with the laws of Ireland (for EEA Customers), the laws of England and Wales (for UK Customers), or the laws of Switzerland (for Swiss Customers);
2. Disputes shall be submitted to the exclusive jurisdiction of the courts of Dublin, Ireland (EEA), London, England (UK), or Zurich, Switzerland (Swiss), as applicable;
3. Sections 23.2 (AAA arbitration), 23.4 (jury trial waiver), and 23.5 (class action waiver) do not apply to EU Customers to the extent they conflict with mandatory local procedural law; and
4. Nothing in this Agreement limits the right of an EU Customer to bring proceedings in any court of competent jurisdiction as permitted by applicable law.

24.3 Changes to Terms

Notwithstanding Section 2.3, material changes to this Agreement require the EU Customer’s affirmative written consent (which may be provided electronically). Continued use of the Platform does not constitute acceptance of material changes for EU Customers. Non-material changes (e.g., clarifications, formatting, updated URLs) may take effect with thirty (30) days’ notice as described in Section 2.3.

24.4 Legal Basis for Processing

Breeze processes personal data on behalf of EU Customers in its capacity as a data processor under GDPR Article 28. The legal basis for processing is the performance of this Agreement (Article 6(1)(b)) and the Customer’s documented instructions (Article 6(1)(f) — legitimate interest, or as otherwise determined by the Customer as data controller). The Customer, as data controller, is responsible for determining and documenting the applicable legal basis for its own processing activities.

24.5 International Data Transfers

Personal data of EU data subjects may be transferred to the United States for processing. Such transfers are conducted under the Standard Contractual Clauses (SCCs) adopted by the European Commission (Implementing Decision (EU) 2021/914), incorporated into the DPA.

If the SCCs are invalidated or otherwise rendered legally insufficient (e.g., due to a court ruling or regulatory action), Breeze will promptly notify the Customer and the parties will cooperate in good faith to implement an alternative lawful transfer mechanism. If no alternative mechanism can be established within ninety (90) days, the Customer may terminate the affected services without penalty.

For transfers from the UK, the International Data Transfer Addendum to the EU SCCs (as issued by the UK Information Commissioner’s Office) applies. For transfers from Switzerland, the SCCs apply as modified by the Swiss Federal Data Protection and Information Commissioner.

24.6 Data Subject Rights

Breeze will assist EU Customers in fulfilling their obligations to respond to data subject requests under GDPR Chapter III (right of access, rectification, erasure, restriction, portability, and objection), including:

1. Providing technical and organizational measures to facilitate responses within the GDPR-mandated timeframes;
2. Promptly redirecting any data subject request received directly by Breeze to the relevant Customer; and
3. Not independently responding to data subject requests except to redirect, unless legally required.

24.7 Data Protection Impact Assessments

Upon reasonable request, Breeze will provide EU Customers with information necessary to conduct Data Protection Impact Assessments (DPIAs) under GDPR Article 35 and, where required, prior consultations with supervisory authorities under Article 36.

24.8 Data Protection Officer

Breeze’s Data Protection Officer can be contacted at dpo@lanternops.io. The DPO serves as the point of contact for EU supervisory authorities and data subject inquiries.

24.9 Supervisory Authority Rights

Nothing in this Agreement restricts an EU Customer’s right, or the right of any data subject, to lodge a complaint with a competent data protection supervisory authority under GDPR Article 77.

24.10 Data Retention and Storage Limitation

Data retention periods set out in Exhibit A are justified by the operational necessity of providing the Platform services. EU Customers may configure shorter retention periods where available. Breeze will not retain personal data beyond what is necessary for the purposes for which it was collected, in accordance with GDPR Article 5(1)(e).

24.11 Warranty and Liability

To the extent that EU mandatory law (including the EU Digital Content Directive 2019/770, the Consumer Rights Directive 2011/83/EU, or their national implementations) provides EU Customers with rights that cannot be excluded or limited by contract:

1. The warranty disclaimers in Section 17 and the limitation of liability in Section 18 shall apply only to the extent permitted by such mandatory law;
2. Breeze warrants that the Platform will conform to the description and functionality set out in the Agreement and will be updated as necessary to maintain conformity during the Subscription Term; and
3. No provision of this Agreement shall be interpreted to exclude or limit liability for damages caused intentionally or by gross negligence, or for death or personal injury.

24.12 UK-Specific Provisions

For Customers established in the United Kingdom:

1. References to “GDPR” include the UK General Data Protection Regulation (UK GDPR) as retained under the Data Protection Act 2018;
2. References to “supervisory authority” include the UK Information Commissioner’s Office (ICO);
3. The UK International Data Transfer Addendum applies to transfers of personal data from the UK; and
4. The governing law is the laws of England and Wales and the courts of London have exclusive jurisdiction, subject to the Customer’s right to bring proceedings in any competent court.

24.13 Survival

The provisions of this Section 24 survive termination of the Agreement to the extent required by applicable EU, UK, or Swiss data protection law.

Exhibit A — Data Retention Schedule

Exhibit B — Supported Platforms

The Agent Software currently supports the following operating systems:

• Windows: Windows 10/11 (x64), Windows Server 2016/2019/2022 (x64)
• macOS: macOS 12 (Monterey) and later (Intel and Apple Silicon)
• Linux: Ubuntu 20.04+, Debian 11+, CentOS/RHEL 8+, Amazon Linux 2+ (x64 and arm64)

Breeze may add or remove platform support with reasonable notice. Agent features may vary by operating system.

Exhibit C — Third-Party AI Providers

The AI-powered features of the Platform currently use the following third-party AI model providers:

Breeze will update this exhibit and notify Customers before adding new AI model providers. Customer Data submitted to AI features is processed in accordance with the DPA and is not used to train third-party AI models.

Lantern Ops, LLC | PO Box 83, Berthoud, CO 80513 | breezermm.com | legal@lanternops.io