# Terms of Service

**Last Updated: May 13, 2026**

**IMPORTANT NOTICE — PLEASE READ CAREFULLY. THESE TERMS CONTAIN A BINDING ARBITRATION CLAUSE, A CLASS ACTION WAIVER, AND A WAIVER OF JURY TRIAL (SECTION 12). BY USING THE SERVICES, YOU AGREE THAT DISPUTES WILL BE RESOLVED ON AN INDIVIDUAL BASIS THROUGH BINDING ARBITRATION SEATED IN MIAMI-DADE COUNTY, FLORIDA, AND THAT YOU AND iMASH ARE EACH WAIVING THE RIGHT TO A JURY TRIAL AND TO PARTICIPATE IN A CLASS OR REPRESENTATIVE ACTION, EXCEPT AS EXPRESSLY PROVIDED BELOW.**

These Terms of Service (the “Terms”) form a binding agreement between iMash, Inc., a company headquartered in Miami, Florida (“iMash,” “we,” “us,” or “our”), and the individual or entity accessing or using the Services (“Customer,” “you,” or “your”). The Terms, together with our [Privacy Policy](./privacy-policy.md) and any order forms, plan descriptions, or DPAs/BAAs executed by the parties (collectively, the “Agreement”), govern your access to and use of the iMash platform and related services (the “Services”).

If you are entering into the Agreement on behalf of an entity, you represent and warrant that you have authority to bind that entity, and references to “Customer” mean that entity and its authorized users. If you do not agree to the Terms, do not access or use the Services.

—

## 1. Eligibility and Account Registration

### 1.1 Eligibility

You must be at least 18 years old to access or use the Services. The Services are not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly permit them to register. You represent and warrant that:

– you are not located in, under the control of, or a national or resident of any country or territory subject to comprehensive U.S. sanctions (currently including Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, Luhansk, and Zaporizhzhia regions);

– you are not listed on the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) Specially Designated Nationals (“SDN”) list, the U.S. Department of Commerce’s Denied Persons or Entity Lists, the EU Consolidated List of Sanctions, the UK HM Treasury Consolidated List, or any other applicable sanctions or denied-parties list;

– your use of the Services will comply with all applicable export controls, sanctions, and import laws.

iMash may suspend or terminate access immediately if any of the foregoing becomes untrue.

### 1.2 Account Registration

To use the Services, you must register an account and provide accurate, current, and complete information. You are responsible for:

– maintaining the confidentiality of your credentials and any API keys;

– enabling multi-factor authentication where available;

– all activities conducted under your account;

– promptly notifying us at `support@imash.io` of any actual or suspected unauthorized use.

You may not share accounts, and individual logins must not be used by more than one person.

—

## 2. Description of Services

### 2.1 Platform

The Services include, depending on the customer’s plan and configuration: AI voice agents (inbound and outbound), SIP-based telephony bridging, AI-driven CRM, omnichannel messaging (SMS, MMS, WhatsApp, email, social), call routing and dispatch, workflow automation, knowledge-base retrieval, analytics, a technician dashboard, an administrative web application, and associated APIs and developer tooling.

### 2.2 Professional Services

iMash may, from time to time and at its sole discretion, offer custom development, integration, implementation, configuration, training, and consulting services (“Professional Services”). Professional Services are subject to a separate statement of work or order form. To inquire, contact `support@imash.io`.

### 2.3 Beta and Preview Features

From time to time, iMash may make features available that are designated as “beta,” “preview,” “alpha,” “early access,” or similar (collectively, “Beta Features”). Beta Features are provided **AS IS** and **AS AVAILABLE**, without any warranty, service-level commitment, or commitment that the Beta Feature will become generally available. iMash may modify, suspend, or remove Beta Features at any time without notice. Customer’s use of Beta Features is voluntary, and Customer assumes all risk arising from such use.

### 2.4 No Implied Service Level

Except as expressly set forth in a separately executed enterprise order form or service-level agreement, the Services are provided without any uptime, latency, throughput, or response-time commitment. Marketing materials and documentation do not constitute service-level commitments.

—

## 3. Payment, Fees, and Billing

### 3.1 Pricing

Fees for the Services are described on our pricing page or in an applicable order form. Fees may include subscription fees, per-seat fees, per-minute or per-message usage fees, AI model usage fees passed through from sub-processors, telephony charges, professional services fees, and applicable taxes.

### 3.2 Payment Authorization

By providing a payment method, Customer authorizes iMash and its payment processors to charge that method for all fees incurred under the Agreement, including recurring subscription fees, overages, and pre-authorized balance top-ups.

### 3.3 Auto-Renewal

Subscriptions automatically renew for successive periods of equal length unless Customer cancels in accordance with the platform’s cancellation procedures before the end of the then-current term. Cancellations take effect at the end of the then-current billing period unless otherwise stated; fees already paid are non-refundable except as expressly required by law.

### 3.4 Usage-Based Billing and Auto-Charging

Where Customer enables usage-based features (e.g., AI voice minutes, telephony, AI model passthrough), Customer’s stored payment method may be automatically charged when the prepaid balance falls below a configured threshold or as charges accrue.

### 3.5 Payment Information

Customer is responsible for keeping payment information current and accurate. If a charge fails, iMash may retry, suspend usage, or terminate the account.

### 3.6 Invoicing

For invoiced customers, payment is due net 14 days from the invoice date unless otherwise specified on the order form.

### 3.7 Late Payment, Suspension, and Collections

If amounts are not paid when due, iMash may:

– charge a late fee equal to the **lesser of 1.5% per month (18% per annum) or the maximum permitted by applicable law**;

– after a 7-day grace period following the due date, suspend the Services;

– engage a collection agency, in which case Customer is responsible for reasonable collection costs and attorneys’ fees as permitted by law.

### 3.8 Rate Changes

iMash may change pricing for non-fixed-term plans by posting the updated rates on the pricing page or by notice to the account billing contact. Continued use after the effective date constitutes acceptance. For fixed-term order forms, pricing is governed by the order form and renewal terms specified therein.

### 3.9 Taxes

Fees are exclusive of taxes. Customer is responsible for all sales, use, value-added, GST, excise, telecommunications, regulatory recovery, and similar taxes, levies, and fees, except for taxes based on iMash’s net income.

### 3.10 No Refunds

Except as expressly stated in the Agreement or required by law, all payments are non-refundable.

—

## 4. Acceptable Use and Customer Obligations

### 4.1 Lawful Use

Customer will use the Services only for lawful purposes and in compliance with the Agreement, all applicable laws and regulations, and the published documentation.

### 4.2 Prohibited Conduct

Customer will not (and will not permit any user, end customer, or third party to):

– use the Services for any unlawful, fraudulent, harmful, deceptive, defamatory, harassing, threatening, or obscene purpose;

– infringe or misappropriate any intellectual property, privacy, publicity, or other right;

– send spam or unsolicited communications, or otherwise violate anti-spam or unsolicited-communications laws;

– attempt to gain unauthorized access to any system, account, network, or data;

– interfere with, disrupt, or impose unreasonable load on the Services, iMash’s infrastructure, our sub-processors, or any third party;

– reverse engineer, decompile, disassemble, or otherwise attempt to derive source code from the Services, except to the extent that applicable law expressly permits despite this limitation;

– copy, frame, mirror, sell, resell, rent, lease, sublicense, time-share, or otherwise commercially exploit the Services or its functionality except as expressly permitted;

– build a competing product or service using the Services or our documentation, or benchmark the Services for competitive purposes;

– circumvent any technical limitations, rate limits, or access controls;

– bypass identity verification or “know your customer” requirements, or provide false information during onboarding;

– use the Services in connection with weapons of mass destruction, nuclear or biological/chemical weapons, missile technology, or other end uses prohibited under U.S. export controls.

### 4.3 Telemarketing and Communications Compliance

Customer is solely responsible for compliance with all laws governing telephone, SMS, MMS, email, fax, and other communications it initiates or sends through the Services, including without limitation:

a. **TCPA, TSR, FCC, FTC, and state mini-TCPAs.** The Telephone Consumer Protection Act (47 U.S.C. § 227), the FTC’s Telemarketing Sales Rule, the CAN-SPAM Act, FCC and FTC orders and rules, and the Florida Telephone Solicitation Act (“FTSA”) and analogous state laws (including in Washington, Oklahoma, and other states).

b. **AI voice as “artificial or prerecorded.”** Customer acknowledges that the FCC’s 2024 declaratory ruling treats AI-generated voices used in calls to consumers as “artificial or prerecorded voice” under the TCPA, requiring **prior express written consent** for AI-voice marketing calls to wireless numbers and most residential numbers. Customer is responsible for obtaining and documenting such consent prior to initiating any AI voice campaign.

c. **Consent.** Customer will obtain and document prior express written consent (or other applicable level of consent) before placing autodialed, AI-generated, or prerecorded calls or texts for marketing purposes. Customer will retain proof of consent for at least five (5) years (or longer if required by law) and will produce such records to iMash within ten (10) business days of a reasonable request (e.g., in connection with an FCC/FTC inquiry, subpoena, or sub-processor audit).

d. **Do Not Call.** Customer will scrub against the National Do Not Call Registry no less than every 31 days, honor internal DNC requests promptly, and honor company-specific opt-outs. Customer will not initiate marketing calls to numbers on any applicable DNC list except where a recognized exemption applies (e.g., established business relationship, where permitted).

e. **No spoofing or misleading caller ID.** Customer will not transmit inaccurate or misleading caller ID information in violation of the Truth in Caller ID Act or analogous laws.

f. **Required disclosures and opt-outs.** Calls and messages will include all legally required disclosures (including identification of the caller, statement of the call’s purpose, and that an artificial or prerecorded voice or AI is being used where applicable) and a clear opt-out mechanism that is honored within the timeframes required by law.

g. **Recording consent.** Customer will obtain all consents required to record calls (including all-party consent where applicable), to use analytics on recorded calls, and to retain or share recordings with sub-processors.

h. **Calling times.** Customer will not initiate marketing calls outside of 8:00 a.m. to 9:00 p.m. local time at the called party’s location, except where the applicable jurisdiction permits a different window.

### 4.4 Fraud Prevention and Rights of Publicity

Customer will not use the Services to commit fraud, impersonate any person, or generate synthetic or “cloned” voices or likenesses without all required consents from the individuals depicted, including under Florida’s right-of-publicity and likeness-protection statutes and analogous laws.

### 4.5 System Integrity

Customer will not engage in any conduct that disrupts or impairs the Services, iMash’s infrastructure, our sub-processors, or other customers, including denial-of-service, port-scanning, intrusive testing without prior written authorization, or attempts to bypass tenant isolation.

### 4.6 API Use and Rate Limits

Customer will respect documented rate limits and use only documented APIs. Automated scraping, harvesting of platform data outside of provided APIs, and use of the Services to compile competitive intelligence are prohibited.

### 4.7 Customer Audit / Compliance Reps

Customer represents that it maintains reasonable policies and processes to: (i) obtain and document consents required under Section 4.3; (ii) scrub against required DNC lists; (iii) honor consumer opt-out requests; and (iv) respond to consumer privacy requests. On iMash’s reasonable request (for example, in connection with an FCC/FTC inquiry, subpoena, or sub-processor audit), Customer will provide consent records and related compliance documentation within ten (10) business days.

### 4.8 Insurance (Enterprise)

For enterprise customers using the Services at meaningful scale, iMash may require Customer to maintain, at Customer’s expense, commercial general liability insurance and cyber liability / technology errors and omissions insurance with limits reasonable for the volume and nature of Customer’s use, and to name iMash as an additional insured where reasonably requested.

—

## 5. Intellectual Property Rights

### 5.1 iMash IP

iMash and its licensors own all right, title, and interest in and to the Services, including all software, code, models, models’ weights to the extent owned by iMash, documentation, designs, user interfaces, trademarks, logos, and improvements thereto (the “iMash IP”). Except for the limited license in Section 5.2, no rights in the iMash IP are granted to Customer.

### 5.2 Customer License

Subject to the Agreement, iMash grants Customer a non-exclusive, non-transferable, non-sublicensable, revocable license, during the term, to access and use the Services solely for Customer’s internal business purposes (or, in the case of resellers and white-label operators, as expressly permitted under a separately executed reseller or partner agreement).

### 5.3 Restrictions

Customer will not, and will not permit any third party to: (a) modify, translate, or create derivative works of the Services; (b) reverse engineer, decompile, or disassemble the Services; (c) sell, resell, rent, lease, sublicense, distribute, or commercially exploit the Services; (d) remove, alter, or obscure proprietary notices; (e) use the Services to develop a competing product or service; or (f) use the Services in a service bureau, time-share, or hosted-for-others model except under a separately executed reseller or partner agreement.

### 5.4 Customer Content

Customer retains all right, title, and interest in and to data, materials, and content that Customer or its users submit to or generate through the Services (“Customer Content”). Customer grants iMash a worldwide, non-exclusive, royalty-free license to host, store, transmit, process, display, and otherwise use Customer Content solely as necessary to provide and maintain the Services, to enforce the Agreement, and to comply with law.

### 5.5 AI-Generated Content

Subject to the Agreement and Customer’s payment of fees:

– Customer may use outputs generated by the Services (“AI Outputs”) for Customer’s internal business purposes and lawful external use.

– AI Outputs are **probabilistic** and may be incomplete, inaccurate, fabricated, biased, or otherwise unsuitable. Customer is solely responsible for evaluating AI Outputs and **must independently verify** any AI Output before relying on it for medical, legal, financial, employment, housing, credit, safety, or other high-stakes decisions.

– iMash makes **no representation or warranty** that AI Outputs are accurate, original, non-infringing, or fit for any particular purpose, and Customer assumes all risk associated with its use of AI Outputs.

– Customer indemnifies iMash for any use of AI Outputs that violates applicable law or any third party’s rights.

– iMash does **not** train its own foundation models on Customer Content, and does not authorize sub-processors to do so, except where Customer affirmatively opts in. Customer is responsible for reviewing and configuring its selected AI sub-processors’ training, retention, and abuse-monitoring settings.

– iMash retains all right, title, and interest in and to its underlying AI infrastructure, prompts, scaffolding, and models, and nothing in the Agreement grants Customer any right in such IP.

### 5.6 Feedback

If Customer provides suggestions, ideas, comments, improvements, or other feedback regarding the Services (“Feedback”), Customer grants iMash a perpetual, irrevocable, worldwide, royalty-free, transferable, sublicensable license to use, exploit, and incorporate the Feedback for any purpose, without obligation or compensation to Customer.

### 5.7 Customer Marks and Publicity

Customer grants iMash a limited, non-exclusive license to use Customer’s name and logo to identify Customer as a customer of iMash on iMash’s website, sales materials, customer lists, and press releases. Customer may opt out at any time by writing to `legal@imash.io`. Press releases, joint announcements, and case studies that quote Customer will require Customer’s prior approval.

—

## 6. Customer Content, Data Processing, Sub-processors, and Call Recording

### 6.1 Responsibility for Customer Content

Customer is solely responsible for Customer Content and for ensuring that the collection, use, processing, transfer, and storage of Customer Content through the Services complies with applicable law and any third-party rights.

### 6.2 Privacy and Processor Role

Processing of personal data under the Agreement is governed by the [Privacy Policy](./privacy-policy.md). For Customer Content that contains personal data, iMash acts as a **processor** (or “service provider”) and Customer acts as the **controller** (or “business”).

### 6.3 Data Processing Agreement and BAA

A Data Processing Agreement (“DPA”) is available on request at `privacy@imash.io` and is incorporated into the Agreement by reference for customers processing personal data subject to GDPR, UK GDPR, FADP, or U.S. state privacy laws. A Business Associate Agreement (“BAA”) under HIPAA is available for HIPAA-covered customers on request; absent an executed BAA, Customer represents that it will not transmit Protected Health Information (“PHI”) through the Services.

### 6.4 Sub-processors

A current list of iMash’s sub-processors is published at our trust center: `https://dashboard.imash.io/security`. Material changes to the sub-processor list will be reflected on the trust center page. Customers may subscribe to update notifications via the trust center. Customer has the right to object to a new sub-processor in writing within **thirty (30) days** of its publication; if iMash cannot reasonably accommodate the objection, Customer’s exclusive remedy is to terminate the affected portion of the Services without further fees beyond the date of termination.

### 6.5 Call Recording and Communications Data

a. Customer will obtain all consents required by applicable law (including all-party consent where required) before recording, intercepting, or analyzing communications conducted through the Services.

b. Customer grants iMash permission to record, store, process, transcribe, analyze, and route call audio and communications data on Customer’s behalf as part of providing the Services.

c. iMash may use de-identified and aggregated metadata (excluding identifying Customer Content) to operate, secure, and improve the Services, consistent with applicable law and the Privacy Policy.

d. Nothing in this Section 6 diminishes Customer’s obligations under Section 4.3 or applicable law.

—

## 7. Confidentiality

Each party (“Receiving Party”) will protect the other party’s (“Disclosing Party”) non-public information disclosed in connection with the Agreement (“Confidential Information”) with at least the same degree of care it uses to protect its own confidential information of a similar nature, and in no event less than reasonable care, and will not use or disclose Confidential Information except as needed to exercise rights or perform obligations under the Agreement. The obligations in this Section 7 do not apply to information that: (i) is or becomes publicly available through no fault of the Receiving Party; (ii) was rightfully known to the Receiving Party prior to disclosure without obligation of confidentiality; (iii) is rightfully received from a third party without restriction; or (iv) is independently developed without use of the Confidential Information. A Receiving Party may disclose Confidential Information as required by law or legal process, provided that (where lawful) it gives the Disclosing Party prompt notice and reasonable opportunity to seek protective measures.

—

## 8. Term and Termination

### 8.1 Term

The Agreement starts when Customer first accepts the Terms or accesses the Services, and continues until terminated as set forth herein or in an applicable order form.

### 8.2 Termination by Customer

Customer may cancel subscription Services through the in-product cancellation flow. Cancellation takes effect at the end of the then-current billing period. Pre-paid fees are non-refundable except as required by law.

### 8.3 Termination or Suspension by iMash

iMash may suspend or terminate the Services, in whole or in part, immediately upon written notice (which may be by email) if: (a) Customer materially breaches the Agreement and fails to cure within 10 days of notice (or immediately, where cure is not possible); (b) Customer violates the acceptable use provisions in Section 4; (c) iMash reasonably believes suspension is necessary to comply with law, protect the Services, or protect third parties from harm or fraud; (d) Customer’s account is inactive for an extended period; or (e) Customer is the subject of sanctions or export-control restrictions. iMash may also terminate the Services for convenience upon thirty (30) days’ notice.

### 8.4 Effect of Termination

Upon termination: (a) all licenses granted under the Agreement cease; (b) Customer must stop using the Services; (c) Customer’s right to access Customer Content through the Services may end, and iMash may delete Customer Content from production systems following the retention window described in the Privacy Policy or applicable DPA; (d) all fees accrued or payable through the effective date of termination remain due; (e) Sections that by their nature should survive termination — including Sections 3 (for accrued fees), 4 (for obligations relating to communications already initiated), 5 (other than the customer license in 5.2), 6, 7, 9, 10, 11, 12, 13, 14, and 15 — survive termination.

—

## 9. Warranty Disclaimer

THE SERVICES, INCLUDING ALL SOFTWARE, AI OUTPUTS, CONTENT, DOCUMENTATION, AND PROFESSIONAL SERVICES, ARE PROVIDED **”AS IS”** AND **”AS AVAILABLE”** WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, iMASH DISCLAIMS ALL WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING, USAGE, OR TRADE.

iMASH DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, SECURE, OR ERROR-FREE, THAT DEFECTS WILL BE CORRECTED, THAT THE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, OR THAT AI OUTPUTS WILL BE ACCURATE, COMPLETE, NON-INFRINGING, OR FIT FOR ANY PURPOSE. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY iMASH OR ITS PERSONNEL CREATES ANY WARRANTY.

CUSTOMER ASSUMES ALL RISK ARISING FROM THE USE OF THE SERVICES, INCLUDING ANY RISK OF DATA LOSS, COMMUNICATIONS DELIVERABILITY, REGULATORY EXPOSURE, AND DECISIONS MADE BASED ON AI OUTPUTS.

—

## 10. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL iMASH, ITS AFFILIATES, OR ANY OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, GOODWILL, BUSINESS, ANTICIPATED SAVINGS, DATA, OR USE, ARISING OUT OF OR RELATED TO THE AGREEMENT OR THE SERVICES, EVEN IF iMASH HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

iMASH’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THE AGREEMENT OR THE SERVICES, REGARDLESS OF THE FORM OF ACTION (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE), WILL NOT EXCEED THE GREATER OF (A) THE FEES ACTUALLY PAID BY CUSTOMER TO iMASH UNDER THE AGREEMENT IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS (US$100).

THE FOREGOING LIMITATIONS APPLY EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES, SO PORTIONS OF THIS SECTION MAY NOT APPLY TO YOU.

—

## 11. Indemnification

Customer will defend, indemnify, and hold harmless iMash, its affiliates, and their respective officers, directors, employees, and agents from and against any and all third-party claims, demands, actions, proceedings, losses, damages, liabilities, judgments, fines, penalties, settlements, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to:

a. Customer’s breach of the Agreement, including the acceptable use provisions in Section 4;

b. Customer’s use of, or inability to use, the Services, including Customer’s communications campaigns, telemarketing, messaging, and AI voice campaigns;

c. Customer’s violation of any applicable law or regulation, including the TCPA, TSR, CAN-SPAM, FCC and FTC rules, state mini-TCPAs (including the FTSA), privacy laws (including GDPR, UK GDPR, CCPA/CPRA, and other U.S. state laws), consumer protection laws, export controls, and sanctions;

d. Customer Content or AI Outputs created, transmitted, or used by Customer, and any claim that Customer Content or AI Outputs infringe or misappropriate any third party’s rights;

e. Customer’s failure to obtain or maintain consents required for call recording, marketing communications, voice cloning, or processing of personal data;

f. Disputes between Customer and any end user, end customer, or third party.

iMash will provide prompt notice of any claim and reasonable cooperation, at Customer’s expense. iMash may participate in the defense with counsel of its choosing at its own expense. Customer will not settle any claim that imposes any obligation or admission on iMash without iMash’s prior written consent.

—

## 12. Dispute Resolution, Governing Law, and Arbitration

### 12.1 Governing Law

The Agreement and any dispute arising out of or related to it or the Services are governed by the laws of the **State of Florida**, without regard to its conflict-of-laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

### 12.2 Informal Resolution

Before initiating arbitration or litigation, the parties will attempt in good faith to resolve any dispute by informal negotiation. The party initiating the dispute will send a written description of the dispute, the relief sought, and contact information to `legal@imash.io` (for disputes against iMash) or to Customer’s account email (for disputes against Customer). If the dispute is not resolved within **sixty (60) days** of the notice, either party may proceed under Section 12.3.

### 12.3 Binding Arbitration

Except for the matters expressly excluded in Section 12.6, **any dispute, claim, or controversy arising out of or related to the Agreement or the Services will be resolved by final and binding arbitration**, administered by **JAMS** under its **Comprehensive Arbitration Rules and Procedures** then in effect (or, if JAMS is unavailable or declines jurisdiction, by the **American Arbitration Association** under its **Commercial Arbitration Rules**). The arbitration will be conducted by a single arbitrator, will be seated in **Miami-Dade County, Florida**, and will be conducted in English. Judgment on the award may be entered in any court of competent jurisdiction. The Federal Arbitration Act, 9 U.S.C. §§ 1 et seq., governs the interpretation and enforcement of this Section 12.

### 12.4 Class Action Waiver

**THE PARTIES AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN AN INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, CONSOLIDATED, REPRESENTATIVE, OR PRIVATE ATTORNEY GENERAL ACTION.** The arbitrator may not consolidate claims of more than one person or preside over any form of representative or class proceeding. If this class-action waiver is found unenforceable as to a particular claim, that claim will be severed from the arbitration and litigated in the courts identified in Section 12.7; the remainder of the arbitration agreement remains enforceable.

### 12.5 Jury Trial Waiver

**TO THE MAXIMUM EXTENT PERMITTED BY LAW, EACH PARTY KNOWINGLY AND VOLUNTARILY WAIVES ANY RIGHT TO TRIAL BY JURY IN ANY ACTION ARISING OUT OF OR RELATED TO THE AGREEMENT OR THE SERVICES.**

### 12.6 Exceptions

Either party may bring a claim: (a) in any small claims court of competent jurisdiction for claims within that court’s jurisdiction; or (b) in a court of competent jurisdiction for injunctive or other equitable relief to protect intellectual property rights (including patent, copyright, trademark, or trade secret claims) or to enjoin unauthorized access to the Services.

### 12.7 Exclusive Jurisdiction if Arbitration is Inapplicable

If a dispute is not subject to arbitration under Section 12.6 or if a court finds the arbitration agreement unenforceable as to any claim, the parties submit to the **exclusive jurisdiction and venue of the state and federal courts located in Miami-Dade County, Florida**, and waive any objection to such jurisdiction or venue on the basis of forum non conveniens.

### 12.8 Notice and Registered Agent

Legal notices to iMash should be sent to `legal@imash.io` and to the mailing address in Section 15.7. iMash may update its designated agent for legal notice from time to time; check the trust center for the current designation.

### 12.9 Statute of Limitations

To the maximum extent permitted by law, any claim must be brought within **one (1) year** after the cause of action arose; otherwise, the claim is permanently barred.

—

## 13. Modifications to the Terms

iMash may modify the Terms from time to time. For material changes, iMash will provide notice (by updating the “Last Updated” date, by email to the account billing contact, or by in-product notification). Continued use of the Services after the effective date of the modified Terms constitutes acceptance. If Customer does not agree to the modified Terms, Customer’s exclusive remedy is to terminate the Services in accordance with Section 8.

—

## 14. DMCA / Copyright Policy

iMash respects the intellectual property rights of others and complies with the Digital Millennium Copyright Act (“DMCA”). If you believe content accessible through the Services infringes your copyright, send a notice to our designated DMCA agent at `dmca@imash.io` containing:

1. a physical or electronic signature of the copyright owner or authorized agent;

2. identification of the copyrighted work claimed to be infringed;

3. identification of the material claimed to be infringing and information sufficient to locate it;

4. your contact information (address, telephone number, email);

5. a statement, made under penalty of perjury, that you have a good-faith belief that use of the material is not authorized by the copyright owner, its agent, or the law; and

6. a statement that the information in the notice is accurate and that you are the copyright owner or are authorized to act on its behalf.

Counter-notices may be submitted to the same address and must contain the elements required by 17 U.S.C. § 512(g). iMash may terminate the accounts of users who are determined to be repeat infringers.

—

## 15. Miscellaneous

### 15.1 Severability

If any provision of the Agreement is held to be invalid, illegal, or unenforceable, that provision will be enforced to the maximum extent permitted by law, and the remaining provisions will remain in full force and effect.

### 15.2 Assignment

Customer may not assign or transfer the Agreement, by operation of law or otherwise, without iMash’s prior written consent; any attempted assignment in violation of this Section is void. iMash may assign or transfer the Agreement, in whole or in part, without restriction, including to an affiliate or in connection with a merger, acquisition, financing, or sale of all or substantially all of its assets or business. The Agreement binds and benefits the parties and their permitted successors and assigns.

### 15.3 Waiver

No failure or delay by either party in exercising any right under the Agreement constitutes a waiver of that right. No waiver is effective unless in writing and signed by the waiving party.

### 15.4 Force Majeure

Neither party will be liable for any delay or failure to perform (other than payment obligations) caused by events beyond its reasonable control, including acts of God, natural disasters, war, terrorism, insurrection, civil disturbance, pandemic, epidemic, governmental action, embargo, strike or labor disturbance, telecommunications or internet outages, cloud-provider outages, denial-of-service attacks, AI model-provider outages or rate limits, third-party telephony or messaging provider outages, or any other event of force majeure (“Force Majeure Event”). The affected party will use reasonable efforts to mitigate and resume performance.

### 15.5 Independent Contractors; No Agency; No Third-Party Beneficiaries

The parties are independent contractors. Nothing in the Agreement creates any partnership, joint venture, agency, fiduciary, or employment relationship between the parties. The Agreement does not create any third-party beneficiary rights in any person, except as expressly stated.

### 15.6 Notices

Notices to Customer may be sent to the email address associated with the Customer’s account or to a billing contact listed on an order form. Notices to iMash must be sent to `legal@imash.io` with a copy to the iMash mailing address in Section 15.7. Notices are effective on receipt for email, or three business days after deposit with a recognized courier for hard copy.

### 15.7 Contact and Mailing Address

iMash, Inc.

Attn: Legal Department

<!– TODO: fill in street address –>

Miami, FL [ZIP — TBD]

United States

Email contacts:

– Legal / disputes: `legal@imash.io`

– Privacy: `privacy@imash.io`

– DMCA agent: `dmca@imash.io`

– Support / professional services: `support@imash.io`

– Security disclosure / catch-all: `contact@imash.io`

– Trust center: `https://dashboard.imash.io/security`

### 15.8 Export Controls and Sanctions

The Services and any technology made available under the Agreement are subject to U.S. export control and sanctions laws and regulations, including the U.S. Export Administration Regulations (“EAR”), the International Traffic in Arms Regulations (“ITAR”) where applicable, and the regulations administered by OFAC. Customer represents and warrants that it is not, and is not acting on behalf of: (a) any person located in or organized under the laws of a country or region subject to comprehensive U.S. sanctions; or (b) any person listed on the U.S. SDN List, the U.S. Denied Persons List, the EU Consolidated List of Sanctions, the UK HM Treasury Consolidated List, or any other applicable denied-parties list. Customer will not export, re-export, transfer, or use the Services in violation of any export control or sanctions law. iMash may suspend or terminate the Services immediately if Customer’s continued use would violate any such law.

### 15.9 U.S. Government End Users

The Services and related documentation are “commercial items,” “commercial computer software,” and “commercial computer software documentation” as defined in FAR 12.212 and DFARS 227.7202. Any use, modification, reproduction, release, performance, display, or disclosure of the Services or documentation by or for the U.S. Government is governed solely by the Terms, in accordance with FAR 12.212 and DFARS 227.7202-1 through 227.7202-4.

### 15.10 Anti-Corruption

Each party will comply with applicable anti-corruption and anti-bribery laws, including the U.S. Foreign Corrupt Practices Act (“FCPA”) and the UK Bribery Act, and will not offer, promise, or provide anything of value to a government official or private party to obtain or retain business or any improper advantage in connection with the Agreement.

### 15.11 Language

The Agreement is written in English. Any translation provided is for convenience only; the English version controls in case of conflict.

### 15.12 Headings

Section headings are for convenience only and have no legal or contractual effect.

### 15.13 Counterparts and Electronic Signatures

If the Agreement (or an order form) is signed, it may be executed in counterparts (including by electronic signature), each of which constitutes an original and all of which together form one and the same instrument.

### 15.14 Entire Agreement

The Terms, together with the [Privacy Policy](./privacy-policy.md), any DPA or BAA executed by the parties, and any order form or statement of work, constitute the entire agreement between the parties regarding the subject matter and supersede all prior or contemporaneous agreements, communications, and representations. In the event of conflict, the order of precedence is: (1) signed order form or statement of work, (2) DPA/BAA, (3) the Terms, (4) the Privacy Policy.

### 15.15 White-Label, Affiliate, and Reseller Deployments

Where the Services are deployed under a customer’s own brand (“white-label”), or by a reseller, affiliate, or partner (“Operator”), the Operator and its end users acknowledge that the Operator is independently responsible for: conducting and maintaining its own security audits and penetration tests; performing its own regulatory compliance assessments (including under HIPAA/HITECH, GDPR/UK GDPR, CCPA/CPRA and other U.S. state privacy laws, PCI DSS, GLBA, SOX, TCPA and state mini-TCPAs, CAN-SPAM, and the FTC Act); configuring tenant-level access controls and retention; obtaining all end-user consents (including for call recording, marketing communications, AI voice usage, and the use of personal data for training or analytics); and the lawful collection, handling, and disposal of all data ingested via the platform. Use of the Services under a non-iMash brand constitutes the Operator’s and its end users’ acceptance of this responsibility allocation. The trust center at `https://dashboard.imash.io/security` describes iMash’s shared-responsibility model in additional detail.

### 15.16 Survival

Sections that by their nature should survive termination — including, without limitation, Sections 3 (for accrued amounts), 4 (with respect to communications already initiated), 5 (other than the limited license in 5.2), 6, 7, 9, 10, 11, 12, 13, 14, and this Section 15 — survive any expiration or termination of the Agreement.

—

© 2026 iMash, Inc. All rights reserved.

*This is the canonical version of the iMash Terms of Service and supersedes all prior versions, including the version dated October 26, 2023.*