On-Prem / Enterprise Addendum

Last updated: February 10, 2026

This On-Prem / Enterprise Addendum (the "Enterprise Addendum") applies only if Customer purchases or enables an Enterprise Deployment (as defined below) in an Order Form or electronic purchase/enablement flow that references these Terms. If no Enterprise Deployment is enabled for Customer, this Enterprise Addendum does not apply. Capitalized terms not defined here have the meanings in the Terms.

1. Definitions

1.1 Enterprise Deployment

"Enterprise Deployment" means any deployment of the Services that is not standard multi-tenant cloud access via H33's hosted endpoints, including (as applicable) (a) On-Prem Deployment, (b) Dedicated Tenant, (c) Private Cloud / VPC Deployment, (d) Customer-Hosted Authority Nodes, or (e) other enterprise deployment options described in an Order Form.

1.2 On-Prem Deployment

"On-Prem Deployment" means software components of the Services deployed into Customer's environment and operated by Customer (or its designated operator) in Customer's facilities, private cloud, or controlled infrastructure.

1.3 Customer Environment

"Customer Environment" means Customer's systems, networks, cloud accounts, facilities, endpoints, identity systems, monitoring tools, and security controls that Customer provides or controls.

1.4 Dedicated Tenant

"Dedicated Tenant" means an H33-hosted environment logically isolated for Customer, as described in an Order Form (if applicable).

1.5 Authority Nodes

"Authority Nodes" means any authority node(s), key-share node(s), or similar components used for threshold/collective authority features, if enabled for Customer.

2. Activation; Scope; Order of Precedence

2.1 Activation

Enterprise Deployment is activated only if expressly identified as enabled/purchased in an Order Form (including via checkbox, SKU, line item, or electronic acceptance). References in Documentation or marketing materials do not obligate H33 to provide an Enterprise Deployment absent activation.

2.2 Scope Limited to Enabled Deployment

This Enterprise Addendum governs only the Enterprise Deployment and enterprise-specific features enabled for Customer. All other use remains governed by the Terms and applicable addenda.

2.3 Precedence

If there is a conflict between this Enterprise Addendum and the Terms, this Enterprise Addendum controls solely with respect to the Enterprise Deployment, unless an Order Form expressly states otherwise.

2.4 Limited Availability; Beta

Enterprise Deployment features may be offered in alpha, beta, pilot, limited availability, or other pre-release form. H33 may modify, suspend, or discontinue Enterprise Deployment features at any time, and makes no commitments regarding backward compatibility, continued availability, or feature parity unless expressly stated in an Order Form.

3. Shared Responsibility Model

3.1 Customer Responsibilities

For any Enterprise Deployment, Customer is solely responsible for:

• the security, configuration, availability, and maintenance of the Customer Environment;
• network connectivity and segmentation;
• patching and hardening of operating systems and dependencies in the Customer Environment;
• physical security (if applicable);
• identity and access management for Customer administrators and Authorized Users;
• endpoint security and credential hygiene; and
• backups, disaster recovery, and business continuity for Customer-hosted components,

except to the extent an Order Form expressly assigns those responsibilities to H33. Customer is solely responsible for monitoring, logging, alerting, and incident response within the Customer Environment, and H33 has no obligation to monitor Customer's Customer Environment.

3.2 H33 Responsibilities

H33 will make available the applicable software components, Documentation, and enterprise support channels described in the Order Form, and will provide updates/patches for H33-provided software components in accordance with Section 6 (Support; Maintenance), subject to the Terms.

3.3 No Shift of Compliance Obligation

Customer remains solely responsible for its compliance obligations, risk assessments, and internal controls. Enterprise Deployment features are tools and do not constitute a compliance program or a system of record.

3.4 High-Risk Use Restriction

Customer will not use the Enterprise Deployment in any safety-critical, life-critical, or emergency services context where failure could result in death, personal injury, or physical property damage, unless expressly authorized in an Order Form with agreed risk controls.

4. Provisioning; Installation; Acceptance

4.1 Prerequisites

Customer will ensure the Customer Environment meets H33's then-current prerequisites (including supported versions, network rules, and baseline hardening guidance) as described in Documentation or the Order Form.

4.2 Installation / Deployment

Unless an Order Form states otherwise, Customer is responsible for installation, configuration, and operation of On-Prem Deployment components in the Customer Environment, including providing required access, credentials, and connectivity for deployment activities.

4.3 Acceptance

Unless an Order Form provides acceptance criteria, the Enterprise Deployment is deemed accepted upon the earlier of: (a) Customer's first production use, or (b) thirty (30) days after H33 makes the Enterprise Deployment available to Customer. Customer's use after acceptance constitutes confirmation that the Enterprise Deployment is operational for Customer's purposes. Acceptance is not a warranty that the Enterprise Deployment will meet Customer's requirements and does not create any obligation for custom development, tuning, or professional services.

4.4 No Professional Services by Default

Any implementation services, training, architecture reviews, or other professional services must be expressly described in an Order Form. Otherwise, Customer is responsible for its implementation and integration.

5. Availability; No SLA Unless Expressly Agreed

5.1 No SLA by Default

Except as expressly stated in an Order Form, H33 does not provide any uptime, response time, throughput, or availability commitments for any Enterprise Deployment.

5.2 On-Prem Availability is Customer-Controlled

For On-Prem Deployments, availability and performance depend on the Customer Environment and Customer's operation of the deployment. H33 is not responsible for outages, degradation, or failures attributable to the Customer Environment, Customer-controlled configurations, or third-party infrastructure not controlled by H33.

6. Support; Maintenance; Updates

6.1 Support Level

Support (including support hours, channels, and response targets if any) is as stated in an Order Form or H33's applicable support policy for the tier. Any response targets or timelines do not constitute guarantees. They are estimates for prioritization purposes only and are not binding obligations unless an Order Form expressly states they are service level commitments with defined remedies.

6.2 Remote Support Access

If remote access is required for support, Customer will provide access in a secure manner reasonably acceptable to Customer (e.g., bastion/VPN/jump host). Customer authorizes H33 to access only what is reasonably necessary to troubleshoot the issue. Customer remains responsible for approving access and maintaining access logs within its environment. Customer controls and supervises all access to the Customer Environment. H33 will not assume administrative responsibility for Customer systems and is not responsible for Customer's security configuration, access policies, or audit logging.

6.3 Telemetry and Diagnostics

Certain logs, diagnostics, and operational metadata may be necessary to provide support. Unless prohibited by the Order Form, Customer will provide relevant logs and diagnostics upon request. Any telemetry or diagnostics collected by H33 will be treated as Confidential Information and handled consistent with the Security Exhibit and Privacy Policy (if applicable). H33 is not obligated to collect, retain, or provide any particular telemetry unless expressly stated in an Order Form.

6.4 Updates and Patches

H33 may provide updates, patches, or new versions for Enterprise Deployment components. Customer is responsible for timely implementation of updates in the Customer Environment, particularly for security patches. H33 may condition ongoing support on Customer running a supported version. If Customer does not timely implement security patches or remains on an unsupported version, H33 may limit or refuse support and may suspend affected modules to protect the Services or reduce security risk.

6.5 Emergency Actions

H33 may recommend or require temporary mitigations (including disabling certain features) to address security risks, manage cost exposure, comply with law, or prevent abuse. Customer is responsible for implementing mitigations in the Customer Environment unless H33 is expressly responsible under an Order Form.

7. Security; Access Controls; Customer Data Handling

7.1 Customer Data in Enterprise Deployments

Customer controls what Customer Data is submitted, processed, and stored within the Enterprise Deployment. Customer is responsible for ensuring Customer Data is lawful, appropriately collected, and appropriate for the configured deployment.

7.2 No Custody / No Key Recovery

Unless expressly agreed in an Order Form, H33 does not provide key escrow, custody, recovery, or fiduciary services for Customer-managed keys, Wallets, or credentials. Customer is responsible for its key management, access controls, and compromise response.

7.3 Security Incident Boundary

A Security Incident is limited to confirmed unauthorized access to Customer Data stored in H33-controlled systems. Incidents occurring solely within the Customer Environment are Customer's responsibility (even if they affect Enterprise Deployment components), unless caused by H33's breach of its obligations under the Terms and applicable exhibits. For clarity, incidents affecting Customer Wallets/keys, Customer-managed credentials, Smart Contracts or blockchain networks not controlled by H33, or third-party services not controlled by H33 are outside H33's Security Incident obligations.

8. Compliance Addenda; No Additional Customer Paper

8.1 Applicable Addenda

If enabled for Customer, the following may apply in addition to this Enterprise Addendum: the Security Exhibit, U.S. State Privacy Addendum, DPA (if any), BAA (if any), Blockchain Addendum (if applicable), KYC/AML Addendum (if applicable), and Token Addendum (if applicable).

8.2 No Additional Customer Terms

Customer may not require H33 to sign or comply with Customer procurement terms, data protection addenda, information security addenda, vendor questionnaires, or other Customer paper, except as expressly agreed in an Order Form. H33's obligations are limited to the Terms and the documents expressly incorporated therein.

8.3 No Audit or Questionnaire Obligation

Unless expressly agreed in an Order Form, H33 has no obligation to complete Customer security questionnaires, respond to audit requests, provide audit reports, or meet Customer-specific security controls beyond those described in the Security Exhibit and applicable addenda. Customer acknowledges that H33 does not provide onsite audit access or in-person facilities visits as part of the Services and is not required to host onsite inspections, walkthroughs, or interviews. Any audit or assessment rights (if any) must be expressly set forth in an Order Form and, absent such agreement, are not provided.

8.4 Standard Assurance Materials (Enterprise Only; If/When Available)

At H33's discretion, H33 may make available to Enterprise Customers certain standard assurance materials from time to time (for example, a SOC 2 report or similar third-party assessment) if and when H33 obtains them. Customer acknowledges that H33 makes no representation that any certification, attestation, or report is currently available and has no obligation to obtain or maintain any certification unless expressly stated in an Order Form. Any assurance materials provided (if any) may be redacted and are provided solely for Customer's internal evaluation purposes, subject to confidentiality obligations, and may not be shared with third parties without H33's prior written consent.

9. Fees; Expenses; Pass-Through Costs

9.1 Fees

Fees for Enterprise Deployment (including recurring fees, credits, usage fees, and any implementation fees) are as set forth in the Order Form or the electronic purchase/enablement flow.

9.2 Pass-Through Costs

Customer is responsible for third-party costs and pass-through expenses incurred in connection with the Enterprise Deployment (e.g., cloud infrastructure, connectivity, third-party services), unless an Order Form expressly states such costs are included.

10. Suspension; Termination; Decommissioning

10.1 Suspension

H33 may suspend Enterprise Deployment access consistent with the Terms, including for non-payment, legal compliance, security risk, abuse prevention, or Customer's failure to maintain a supported version.

10.2 Decommissioning

Upon termination or expiration of the applicable Order Form, Customer will promptly cease use of Enterprise Deployment components. For On-Prem Deployments, Customer will uninstall or disable the H33 components and, upon request, certify deletion of H33 Confidential Information, subject to lawful retention and technical constraints. H33 is not responsible for deletion from the Customer Environment and cannot independently verify Customer's deletion or uninstallation actions.

11. No Expansion of Liability

This Enterprise Addendum does not expand H33's liability or Customer remedies beyond the Terms, and the Terms' disclaimers and limitations of liability apply to this Enterprise Addendum and any Enterprise Deployment.