Tokenized Identity & Smart Contract Addendum

Last updated: February 10, 2026

This Tokenized Identity & Smart Contract Addendum (the "Token Addendum") applies only to the extent Customer enables, accesses, or uses any tokenized identity, decentralized identifier ("DID"), credential issuance, document access control, or smart-contract functionality made available through the Services (collectively, "Token Features"). Token Features are an Optional Module and are governed by this Token Addendum, the Blockchain Addendum (if applicable), and the Terms. Capitalized terms not defined here have the meanings in the Terms.

1. Scope; Key Definitions

1.1 Token Features

Token Features may include:

• issuance or use of a soulbound (non-transferable) identity credential;
• DID binding and decentralized identity anchoring;
• cryptographic key rotation and/or encrypted write-key mechanisms;
• smart contracts supporting identity-linked operations; and/or
• smart contracts for document permissioning, access control, and audit trails.

1.2 On-Chain Identity Credential (SBT)

If enabled, H33 may support issuance and/or use of a non-transferable identity credential (sometimes referred to as a "soulbound NFT" or "SBT") used as an on-chain anchor for identity and DID binding (the "Identity Credential"). The Identity Credential is intended as an identity primitive and not as a financial instrument.

1.3 Smart Contracts

Token Features may interact with one or more smart contracts that implement identity binding, permissioning, attestations, or other functions ("Smart Contracts"). Smart Contracts may be deployed on a third-party Blockchain Network.

1.4 Wallet

Customer is solely responsible for any wallet(s), custody solution(s), private keys, signing devices, recovery phrases, and access controls used in connection with Token Features ("Wallet").

2. Activation; Fees; Dependency on Third Parties

2.1 Activation

Token Features are activated only if expressly enabled in an Order Form (including via a checked box, SKU, or line item) or if Customer affirmatively enables them within the Services (where self-serve enablement is available). If Token Features are not activated, this Token Addendum does not apply.

2.1(a) No Obligation to Issue. H33 may decline to issue, re-issue, or support any Identity Credential or Token Feature for any reason, including risk controls, compliance concerns, suspected abuse, or technical limitations.

2.1(b) Eligibility and Risk Controls. H33 may impose eligibility requirements, usage limits, or additional controls for Token Features at any time, including to comply with law, manage risk, or prevent abuse.

2.2 Fees and Pass-Through Costs

Token Features may incur separate fees, credit consumption, Blockchain Network fees, and third-party costs. Customer is responsible for all such fees and costs, including pass-through costs advanced by H33, in accordance with the Terms and the Billing & Credits Policy. H33 is not obligated to advance Blockchain Network fees or third-party costs on Customer's behalf and may require Customer to pay such fees directly or maintain a prepaid balance as a condition of continued access to Token Features.

2.3 Third-Party Terms

Token Features depend on third-party Blockchain Networks and may depend on third-party Wallet providers or infrastructure. Customer's use of those third-party services may be subject to third-party terms, and H33 is not responsible for third-party services.

3. Customer Responsibilities (High Importance)

3.1 Configuration and Use

Customer is responsible for deciding whether and how to use Token Features and for ensuring Token Features are appropriate for Customer's use case.

3.2 Wallet and Key Management

Customer is solely responsible for Wallet security, key custody, access controls, key compromise response, device security, and recovery procedures. H33 does not provide key custody, key escrow, key recovery, or fiduciary services. Loss of private keys or Wallet access may be permanent.

3.3 No Sensitive Data On-Chain

Customer will not submit, write, or cause to be written to any Blockchain Network (including via identifiers, hashes, pointers, metadata, permissions, access tokens, or embedded references):

• plaintext biometric data;
• sensitive personal data;
• PHI;
• payment card data;
• government identifiers; or
• any data that Customer is not legally permitted to disclose or that would create an obligation to delete, correct, or provide access that cannot reasonably be satisfied on a Blockchain Network.

3.4 End User Notices and Consents

Customer is solely responsible for providing required notices and obtaining any required consents or releases related to identity credentials, DID binding, credential issuance, or immutable logging.

3.5 Compliance

Customer is solely responsible for compliance with all laws applicable to its use of Token Features, including privacy, biometric, consumer protection, and export control/sanctions laws.

4. No Financial Services; No Custody; No Advice

4.1 Not a Financial Institution; No Custody

Customer acknowledges that H33 is not a bank, money services business, money transmitter, broker-dealer, investment adviser, payment processor, escrow agent, custodian, or fiduciary. H33 does not custody customer assets or control Customer's Wallets or keys.

4.2 No Investment or Value Promise

Identity Credentials (including SBTs) and Token Features are not intended to be investment products or securities and are not offered with any promise of profit, appreciation, liquidity, or market value.

4.3 No Financial, Legal, or Tax Advice

Nothing in the Services, Token Features, or Documentation constitutes financial, investment, legal, tax, or regulatory advice. Customer must consult its own advisors.

4.4 Regulated Activity Determination

Customer is solely responsible for determining whether its use case constitutes a regulated financial activity (including money transmission, MSB activity, broker-dealer activity, or other regulated services) and for implementing any required compliance program.

4.5 No Identity Determination

Token Features provide technical mechanisms for credentialing and cryptographic binding. H33 does not verify, guarantee, or certify that any Identity Credential corresponds to a particular real-world person, and Customer is solely responsible for enrollment, proofing, and any reliance on identity assertions.

5. Smart Contract and Blockchain Risks; Irreversibility

5.1 Irreversibility

Blockchain transactions and Smart Contract operations may be irreversible. Once data, permissions, or attestations are recorded, they may not be deletable or modifiable.

5.2 No Guaranteed Deletion or Rectification

H33 cannot guarantee deletion, rectification, or removal of on-chain records or Smart Contract state, even if requested.

5.3 Network and Smart Contract Risk

Smart Contracts and Blockchain Networks may be subject to vulnerabilities, exploits, protocol changes, forks, congestion, validator failures, reorgs, downtime, or unexpected behavior. H33 is not responsible for third-party Blockchain Network failures.

5.4 Service Protection Controls

H33 may suspend, throttle, rate-limit, disable, or modify Token Features at any time to protect the Services, manage cost exposure, comply with law, respond to security risk, or prevent abuse, without liability.

5.5 Smart Contract Code Risk

Smart Contracts may contain vulnerabilities, errors, or unintended behaviors and may not be independently audited. Customer assumes all risk arising from Smart Contract interaction and deployment, including any loss of access, loss of data, loss of permissions, or adverse outcomes caused by Smart Contract behavior.

6. Document Permissioning and Access Control (If Enabled)

6.1 Customer-Controlled Content

Any documents, metadata, identifiers, permissions, or instructions Customer associates with Token Features are Customer Data. Customer is solely responsible for the legality of the content and for ensuring it is suitable for tokenized permissioning and (if applicable) immutable audit trails.

6.2 Not a System of Record

Token Features (including document permissioning and audit trails) are provided as a technical tool and are not intended to be Customer's system of record for legal, regulatory, or audit obligations. Customer is responsible for maintaining independent records required by law or contract.

7. KYC/AML Integration (If Enabled)

7.1 Optional KYC Services

If Customer uses Token Features in connection with KYC/AML workflows, Customer's use of such functionality is also governed by the KYC/AML Addendum, if activated.

7.2 No Guarantee of Compliance Outcomes

Token Features (including any cryptographic attestation or "prove once, reuse" workflow) do not guarantee compliance with any regulator, auditor, bank, or counterparty. Customer is solely responsible for compliance outcomes.

7.3 No "Prove Once, Reuse" Reliance

Any "prove once, reuse" workflow is a technical convenience and does not establish legal sufficiency for any jurisdiction, regulator, bank, auditor, or counterparty. Customer must independently determine required verification frequency, re-check cadence, and retention practices.

8. Disclaimers

9. Indemnity (Token-Specific)

Customer will defend, indemnify, and hold harmless H33 and its Affiliates from and against claims, liabilities, penalties, losses, and expenses (including reasonable attorneys' fees) arising out of or related to:

• Customer's use of Token Features;
• Customer's Wallet/key management or compromise;
• Customer's on-chain submissions, permissions, or instructions;
• Customer's failure to provide required notices/consents;
• Customer's regulated activity determinations or compliance failures; or
• allegations that Customer's use of Token Features violated privacy, consumer protection, AML/sanctions, or data protection laws.

10. No Expansion of Liability

This Token Addendum does not expand H33's liability or Customer remedies beyond the Terms, and the Terms' limitations of liability apply to this Token Addendum.