Effective Date: April 24, 2026

These AI Service-Specific Terms (“AI Terms”) supplement and form part of the Terms of Service. Capitalized terms not defined herein have the meanings in the Terms of Service or Privacy Policy. In case of conflict, these AI Terms prevail with respect to the AI Services.

1. Definitions

“AI Services” means all AI, machine learning, and generative AI features within the ShareCRM platform, including AI-assisted CRM suggestions, analytics, automated drafting, summarization, conversational assistants, lead scoring, and sentiment analysis.

“Third-Party AI Provider” means any third-party vendor providing foundation models, inference infrastructure, or AI APIs integrated into the AI Services.

“AI Input” means any data, prompt, query, instruction, file, or content submitted by a Customer or User to the AI Services for processing.

“AI Output” means any response, recommendation, draft, summary, classification, score, or other result generated by the AI Services in response to AI Input.

“High-Risk AI Use Case” means use of the AI Services in contexts involving automated decisions with significant legal, financial, employment, health, or safety impact on individuals, including credit scoring, recruitment screening, insurance underwriting, clinical recommendations, or law enforcement support.

“Human Oversight” means the involvement of a qualified human decision-maker who reviews, validates, and assumes responsibility for any AI Output before it is acted upon, particularly in High-Risk AI Use Cases.

“Customer Data” means all data, including personal data, submitted to or processed through the AI Services by or on behalf of a Customer, including submissions made by Users.

“User” means any individual, including Customer's employees, contractors, administrators, and other authorized personnel, who accesses or uses the AI Services under Customer's account or subscription.

2. Nature of the AI Services

ShareCRM delivers the AI Services by integrating third-party foundation models via API calls to infrastructure operated by Third-Party AI Providers. ShareCRM acts as an API-based intermediary and does not develop, host, or independently operate the underlying models. AI Outputs are automated outputs of statistical models and do not constitute professional, legal, financial, medical, tax, or other expert advice. ShareCRM makes no representation, and expressly disclaims any warranty, that AI Outputs are accurate, complete, current, or fit for any particular purpose.

Customer acknowledges that AI systems may produce inaccurate, incomplete, biased, or misleading outputs (including hallucinations); reflect biases in training data; fail to account for jurisdiction-specific context; vary in response to similar inputs; and be subject to model updates or service interruptions without prior notice. These limitations are inherent to the current state of AI technology.

3. Permitted and Restricted Uses

3.1 General Permitted Uses

Subject to these AI Terms and customer’s subscription plan, Customer may use the AI Services for lawful internal business purposes within the ShareCRM platform, including drafting, analytics, translation, reporting, and AI-assisted workflow automation.

Where AI Services are used in regulated industries (financial services, healthcare, legal, insurance), the final decision with legal or similarly significant effect on any individual must be made by a qualified human professional. The Customer is responsible for compliance with all applicable sectoral regulations.

3.2 Conditional Use Cases

The following uses are permitted only where the Customer has implemented the specified safeguards:

● High-Risk AI Use Cases: require (i) reasonable Human Oversight procedures appropriate to the risk level of the specific use case, documented prior to deployment; and (ii) compliance with all applicable AI regulations in the jurisdiction(s) of deployment.

● Automated outbound AI communications (including mass AI-generated emails and customer-facing AI-powered chatbots): require (i) clear disclosure to recipients that the communication is AI-generated or AI-assisted, where required by applicable law; and (ii) where Customer’s chatbot or automated voice system interacts directly with individual end users, provision of a means for users to reach a human representative where required by applicable law or where the matter cannot be adequately resolved by the automated system.

● Processing of special categories of personal data through AI Services: requires a valid legal basis under applicable data protection law and appropriate technical and organizational measures.

4. Prohibited Uses

Customers must not, and must not authorize or permit any User or third party to, use the AI Services for:

(a) Harmful and Illegal Content

● generating, facilitating, or distributing unlawful, defamatory, harassing, threatening, or obscene content, or content that incites violence or discrimination;

● creating AI-generated child sexual abuse material (CSAM) or any content that sexualizes, exploits, or endangers minors;

● developing or supporting weapons of mass destruction, chemical or biological weapons, autonomous lethal weapons, or materials capable of mass casualties;

● facilitating, planning, or executing terrorism, violent extremism, or mass violence.

(b) Discriminatory Profiling and Social Scoring

● predicting, classifying, scoring, or ranking individuals based on protected characteristics (including race, ethnicity, religion, political opinion, sex, sexual orientation, disability, health status, or criminal record) for the purpose of discrimination or exclusion in violation of applicable law;

● operating social scoring or social credit systems that produce unjustified or disproportionate treatment of individuals;

● deploying biometric identification, facial recognition, or emotion recognition in publicly accessible spaces or employment/educational contexts in any manner prohibited by applicable law.

(c) Unsupervised Automated Decisions

● using AI Services as the sole basis for automated decisions with legal effects or similarly significant impacts on individuals — including employment, credit, insurance, housing, or healthcare decisions — without Human Oversight and without enabling individuals to exercise applicable rights;

● automated payday lending or high-cost short-term consumer credit decisions, regardless of nominal human involvement.

(d) Unsupervised Professional Advice

● generating individualized medical diagnoses, treatment plans, legal advice, or financial/investment/tax advice intended to be acted upon without review and sign-off by a licensed professional.

(e) Privacy and Data Violations

● processing personal data without a lawful basis, without required notices, or beyond permitted purposes;

● harvesting, inferring, or cross-referencing personal data in violation of applicable privacy laws;

● conducting covert surveillance or monitoring of individuals without their knowledge and without lawful authority;

● de-anonymizing or re-identifying anonymized or pseudonymized data.

(f) Deception and Manipulation

● creating deepfakes or synthetic media that falsely depict real individuals without consent, including fabricated statements, impersonation, or non-consensual intimate imagery;

● generating disinformation or content designed to manipulate public opinion or interfere with democratic processes;

● deploying subliminal techniques or manipulative psychological tactics that exploit cognitive vulnerabilities;

● representing AI Output as human-generated where disclosure of its AI origin is required by law or material to the recipient.

(g) Security, Competitive Misuse, and System Integrity

● developing, testing, or deploying malware, ransomware, phishing tools, or cyberweapons;

● exploiting security vulnerabilities in any systems that the Customer does not own or has not been authorized to access or test;

● using AI Services for competitive intelligence or reverse engineering of ShareCRM’s AI capabilities;

● attempting to extract model weights, system prompts, or proprietary configurations, or manipulating the AI Services through prompt injection or adversarial inputs.

5. Customer Responsibilities

5.1 The Customer is solely responsible for: (i) evaluating the suitability of AI Services for its intended use cases at the level of diligence appropriate to the risk; (ii) implementing Human Oversight where AI Outputs could have a material impact on individuals; (iii) verifying and validating AI Outputs before relying on them for business decisions or communications to third parties; (iv) maintaining records of AI-assisted decisions in High-Risk AI Use Cases to the extent required by applicable law and as necessary for Customer to demonstrate compliance with its obligations under these AI Terms; and (v) ensuring that all Users comply with these AI Terms. Customer shall be responsible for all acts and omissions of Users in connection with the AI Services as if such acts and omissions were Customer's own. Customer's liability for User violations shall not be limited by any internal policy, access control, or supervisory measure that Customer may have implemented.

5.2 In any High-Risk AI Use Case, Customer must ensure that: (a) a qualified human decision-maker reviews the AI Output before the relevant decision is made or action is taken; (b) such decision-maker exercises independent judgment and does not rely solely on the AI Output; and (c) Customer retains accountability for the final decision.

5.3 Where required by applicable law, Customer must provide affected individuals with meaningful information about the role of automated processing in the decision.

6. Data Processing, Privacy, and Model Training

6.1 Processing and Legal Basis

When Customer Data is submitted as AI Input, ShareCRM processes such data as a data processor acting on behalf of the Customer (as data controller), in accordance with the applicable Data Processing Agreement (“DPA”) and Privacy Policy. The Customer is responsible for ensuring all personal data included in AI Inputs is processed on a valid legal basis under applicable data protection law. Where ShareCRM transmits AI Input to a Third-Party AI Provider via API, such transmission is made at Customer's direction and on Customer's behalf as a result of Customer's selection of that provider's model in the administrative console. Each Third-Party AI Provider processes AI Input as an independent data controller or processor under its own terms of service and privacy policy, and not as a sub-processor engaged by ShareCRM. ShareCRM's role is limited to facilitating the technical transmission of AI Input to the provider selected by Customer. Customer is responsible for ensuring that its selection and use of any Third-Party AI Provider model is consistent with Customer's own data protection obligations, including any requirement to inform data subjects that their data will be processed by such provider.

6.2 Training Restriction

(A) ShareCRM’s Own Systems. ShareCRM will not use Customer Data — including AI Inputs and AI Outputs derived from Customer Data — to train, fine-tune, or improve ShareCRM’s own AI systems or proprietary models, without the Customer’s prior written consent. (B) Third-Party AI Provider Handling. Customer Data submitted to a Third-Party AI Provider as AI Input will be processed by that provider subject to that provider’s own terms of service, privacy policy, and data processing commitments as applicable to the selected model and deployment configuration. ShareCRM does not and cannot guarantee that Third-Party AI Providers will not use AI Inputs or AI Outputs for model training, fine-tuning, or improvement, as such practices vary by provider, model, deployment type, and applicable settings. (C) Customer is hereby notified that different Third-Party AI Provider models available on the ShareCRM platform may have materially different data handling practices, including with respect to whether AI Inputs or AI Outputs are used for model training, fine-tuning, or improvement, and that such practices are determined solely by each provider and may change over time. The ShareCRM administrative console makes available a list of selectable Third-Party AI Provider models. Customer is solely responsible for reviewing each applicable Third-Party AI Provider's then-current terms of service and privacy policy, available on such provider's official website, before selecting or continuing to use any model for processing Customer Data. ShareCRM does not represent or warrant the accuracy, completeness, or continued applicability of any such third-party policies, and shall have no liability for any training, use, retention, or other processing of Customer Data by a Third-Party AI Provider carried out in accordance with that provider's applicable terms. (D) Customer’s Model Selection Responsibility. By selecting a Third-Party AI Provider model in the ShareCRM administrative console, Customer acknowledges that Customer Data will be transmitted to and processed by that provider in accordance with that provider’s applicable terms, and that ShareCRM shall have no liability with respect to the provider’s data handling, storage, training, or other processing of such data, except to the extent such processing results from ShareCRM’s negligent or wilful act or omission in the configuration or transmission of AI Input.

ShareCRM may use anonymized, aggregated, or de-identified usage and performance data that cannot reasonably identify any Customer or individual to improve the AI Services, subject to applicable law. As between the parties, all right, title, and interest in and to such anonymized, aggregated, or de-identified data, together with all insights, benchmarks, and analyses derived therefrom, vest exclusively in ShareCRM. The Customer’s data ownership rights under the Terms of Service do not extend to data that has been anonymized, aggregated, or de-identified in accordance with this Section 6.2.

6.3 Cross-Border Transfers and AI Outputs

AI Input processing involves transmission of data from ShareCRM's systems to Third-Party AI Provider infrastructure, which may be located in jurisdictions outside the Customer's country of operation. ShareCRM implements cross-border transfer mechanisms (including standard contractual clauses or equivalent instruments where required by applicable law) for the transfer of Customer Data between Customer and ShareCRM and, to the extent within ShareCRM's control, for onward transfers to Third-Party AI Providers. The data handling, storage, and processing practices of Third-Party AI Providers within their own systems are governed by each provider's applicable terms and are not within ShareCRM's control or the scope of ShareCRM's transfer mechanisms. Customers with data residency or jurisdictional requirements are responsible for selecting models whose providers process data in appropriate jurisdictions, and should review each provider's data localisation capabilities prior to model selection.

AI Outputs may occasionally contain personal data. Customers are responsible for handling such outputs in accordance with applicable data protection law and must not rely on AI Services to identify, redact, or anonymize personal data without independent verification.

7. Transparency and Disclosure

ShareCRM will, to the extent reasonably practicable, indicate within the platform which features incorporate AI capabilities. Where required by applicable law and where ShareCRM acts as data controller, ShareCRM will provide information about automated processing of personal data. ShareCRM’s disclosure obligations are limited to what is expressly required by applicable law and these AI Terms. Nothing in this Section 7 shall be construed to impose disclosure obligations on ShareCRM beyond such requirements.

Where required by applicable law, Customers are responsible for: (a) disclosing to their end-customers and other external individuals affected by AI-assisted decisions or communications: (i) that AI was used in preparing or delivering such communication or decision; (ii) the nature and extent of AI involvement; and (iii) any applicable right to request Human Oversight or contest automated decisions; and (b) informing their employees and other Users who interact with or are subject to decisions made using the AI Services that AI tools are used, to the extent required by applicable employment, works council, or data protection laws in the relevant jurisdiction.

8. Intellectual Property in AI Outputs

8.1 ShareCRM AI Services Intellectual Property.

As between the parties, ShareCRM retains all right, title, and interest in and to the AI Services, including without limitation the underlying system architecture, orchestration logic, prompt templates, evaluation frameworks, and all improvements, modifications, and derivative works thereof (collectively, “ShareCRM AI Technology”). For the avoidance of doubt, ShareCRM AI Technology does not include the underlying foundation models or inference infrastructure provided by Third-Party AI Providers, which are subject to such providers' own intellectual property rights and licensing terms. Nothing in these AI Terms transfers or grants the Customer any ownership interest in the ShareCRM AI Technology. The Customer’s right to access and use the AI Services is limited to the license expressly granted under the Terms of Service, and no other rights are granted by implication, estoppel, or otherwise.

8.2 Ownership of AI Outputs.

As between Customer and ShareCRM, AI Outputs generated from Customer Data are owned by the Customer, subject to the license granted to ShareCRM in the Terms of Service and any third-party intellectual property limitations. ShareCRM makes no representation that AI Outputs are original, non-infringing, or free from third-party IP rights. The Customer is solely responsible for any required IP clearance before commercially exploiting AI Outputs.

If the Customer voluntarily provides feedback or corrections relating to AI Outputs (“Feedback”), the Customer grants ShareCRM a non-exclusive, perpetual, irrevocable, worldwide, royalty-free license to use such Feedback to improve the AI Services. Feedback is not subject to the Training Restriction unless it contains Customer Data. Where Feedback contains Customer Data, Customer's voluntary submission of such Feedback to ShareCRM for the purpose of improving the AI Services shall constitute Customer's written consent for the purposes of Section 6.2(A) solely with respect to such Feedback. All improvements, modifications, new features, and other intellectual property developed by ShareCRM in connection with or derived from Feedback shall, to the extent ShareCRM has the right to do so and subject to any restrictions imposed by Third-Party AI Providers, vest exclusively in ShareCRM. The Customer does not acquire any right, title, or interest in any such improvements or developments by reason of having provided Feedback, and nothing herein shall be construed as creating any joint authorship, joint invention, or co-ownership with respect to any ShareCRM intellectual property.

9. Security

ShareCRM implements technical and organizational security measures for the AI Services that are appropriate to the risk, consistent with its obligations under the Terms of Service and DPA, and taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing. ShareCRM reserves the right to suspend access to the AI Services upon detecting credible security risks, abuse, or violations of these AI Terms, in accordance with the Terms of Service.

10. Regulatory Compliance

10.1 EU AI Act

Customers deploying AI Services in the European Economic Area should be aware that they may themselves bear obligations as AI deployers under Regulation (EU) 2024/1689 (the EU AI Act), depending on the classification and risk level of their deployment. The Customer is solely responsible for determining applicable obligations, conducting required impact and conformity assessments, implementing human oversight, maintaining logs, and fulfilling all transparency and registration requirements. ShareCRM makes no representation that the AI Services satisfy requirements applicable to any specific high-risk AI use case under the EU AI Act.

10.2 General Compliance

The Customer is solely responsible for ensuring its use of the AI Services complies with all applicable laws across all jurisdictions where it operates, including data protection laws, sector-specific regulations (financial services, healthcare, employment, education), and export control laws. The AI Services may be subject to export control regulations including U.S. EAR; Customers agree not to export, re-export, or transfer access in violation of applicable export controls.

11. Disclaimers and Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE AI SERVICES AND ALL AI OUTPUTS ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND. SHARECRM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF ACCURACY, RELIABILITY, COMPLETENESS, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. SHARECRM DOES NOT WARRANT THAT AI OUTPUTS WILL BE FREE FROM ERRORS, HALLUCINATIONS, BIAS, OR INACCURACIES.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SHARECRM SHALL NOT BE LIABLE FOR ANY LOSS OR DAMAGE ARISING FROM: (i) RELIANCE ON AI OUTPUTS WITHOUT INDEPENDENT HUMAN VERIFICATION; (ii) USE OF AI SERVICES IN VIOLATION OF THESE AI TERMS; (iii) INACCURACIES OR HALLUCINATIONS IN AI OUTPUTS; (iv) CHANGES TO OR DISCONTINUATION OF THE AI SERVICES OR UNDERLYING THIRD-PARTY AI MODELS; OR (v) ANY THIRD-PARTY INTELLECTUAL PROPERTY INFRINGEMENT CLAIMS ARISING FROM OR RELATING TO THE CONTENT OF AI OUTPUTS. SHARECRM’S TOTAL AGGREGATE LIABILITY IN CONNECTION WITH THE AI SERVICES IS SUBJECT TO THE CAP SET FORTH IN THE TERMS OF SERVICE.

12. Enforcement, Changes, and General

Violation of these AI Terms, including the Prohibited Uses in Section 4, constitutes a material breach of the Terms of Service and may result in immediate suspension or termination of access to the AI Services. ShareCRM reserves the right, without prior notice, to suspend or restrict access where it reasonably determines that continued access poses a risk of harm, violates applicable law, or involves security threats or adversarial activity. ShareCRM reserves the right to cooperate with law enforcement and regulatory authorities to the extent required or permitted by applicable law.

ShareCRM may modify these AI Terms at any time. Material changes will be notified in accordance with the notice provisions of the Terms of Service. These AI Terms are governed by and subject to the dispute resolution provisions of the Terms of Service.

For questions relating to these AI Terms, contact ShareCRM at privacy@sharecrm.com.