Exhibit A
Client Pass-Through Addendum

Pursuant to Section 2.5 of the Agreement, this Addendum describes the obligations that Customer shall impose on its Clients via an agreement executed by Client and Customer before (i) allowing such Clients to access the Sift Services or (ii) using the Sift Services on behalf of such Clients. Any capitalized term not defined in this Addendum will have the meaning given it in the main body of the Agreement.

1. Proprietary Rights. Customer shall include the following (or substantially similar) terms regarding proprietary rights in each Client agreement:

1.1 Ownership of and Limited License to Customer Data. [CLIENT] grants to [CUSTOMER] a limited, royalty-free, non-exclusive, worldwide right and license to access, collect, use, process, and store Customer Data only to use the Sift Services on behalf of [CLIENT] as set forth in this Agreement. [CLIENT] grants to Sift a limited, royalty-free, non-exclusive, worldwide right and license to access, collect, use, process, store, copy, and create derivative works from the Customer Data only to provide, maintain, and improve the Sift Services.

1.2 Use of Customer Data. [CLIENT] acknowledges and agrees that Sift may use the Customer Data in accordance with the Sift service privacy notice for as long as reasonably necessary for the limited purpose of providing, maintaining, and improving the Sift Services, which includes improving its machine learning algorithms and data models as necessary to support such uses (the “Permitted Purpose”). [CLIENT] further acknowledges and agrees that, in connection with the Permitted Purpose, Customer Data will be commingled with data received from other customers of the Sift Service; provided, that (a) the Customer Data shall not itself be made available to any other customer, and (b) Customer will not be identified to the extent the Customer Data contributes to the analytical results provided to other customers of the Sift Services.

1.3 Feedback. If [CLIENT] provides [CUSTOMER] or Sift any feedback in connection with the Sift Services, [CLIENT] shall use reasonable efforts to ensure the accuracy of such feedback and grants to Sift an unlimited, irrevocable, perpetual, sublicensable, royalty-free license to use any such feedback or suggestions for any purpose without any obligation or compensation to [CLIENT].

1.4 Aggregated Data. [CLIENT] acknowledges and agrees that Sift may use data derived from Customer Data about Customer’s use of the Sift Services that is aggregated with data received from other customers (“Aggregated Data”) for internal purposes such as operating, maintaining, and improving the Sift Services and distribution in general benchmarking or industry-related reports.

2. Customer Commitments. Customer shall commit to the following obligations in each Client agreement:

2.1 Security. [CUSTOMER] will maintain a security program with reasonable and appropriate administrative, technical, organizational and physical security measures designed to protect Customer Data against unauthorized access, disclosure and loss.

2.2 Deletion of Data. Upon termination of [the CLIENT AGREEMENT] or [this Agreement], [CLIENT] may request deletion of the Customer Data. To the extent the Customer Data is in [CUSTOMER]’s possession, custody, or control, [CUSTOMER] will perform such deletion within ninety (90) days and where requested by [CLIENT], certify the same in writing. To the extent the Customer Data is in Sift’s possession, custody, or control, [CUSTOMER] will communicate such request to Sift.

3. Client Commitments. Customer shall require each Client to commit to the following obligations in each Client agreement:

3.1 Compliance with Applicable Law. [CLIENT] will comply with all Applicable Laws in connection with the use of the Sift Services, including the provision of the Customer Data to [CUSTOMER].

3.2 Client Responsibilities. [CLIENT] will use the Sift Services (which, for clarity, include the Analytical Results), only: (a) for fraud detection and prevention purposes; (b) in accordance with the terms of this Agreement and the Acceptable Use Policy; and (c) in compliance with Applicable Laws and any contractual or other obligation [CLIENT] has to any third party. [CLIENT] is solely responsible for ensuring that its use of the Sift Services, including its provision of the Customer Data, does not violate any Applicable Laws. Without prejudice to the generality of the foregoing, [CLIENT] shall ensure it has the right to transfer or provide access to Customer Data to [CUSTOMER] for the purposes contemplated in this Agreement (and where required, has obtained any necessary consents or authorizations to do so).

3.3 Data and Usage Restrictions. [CLIENT] shall not provide to [CUSTOMER] any Customer Data that contains Sensitive Personal Information. [CLIENT] shall not use the Sift Services for any purposes not contemplated by this Agreement, including but not limited to purposes prohibited under the Fair Credit Reporting Act (FCRA) and the Equal Credit Opportunity Act (ECOA), such as for background checks, as a factor in establishing an individual’s creditworthiness or eligibility for credit, insurance, housing, or employment, or in any way that facilitates discrimination, or in any other way that may violate or may cause [CLIENT], [CUSTOMER], or Sift to violate any Applicable Law. For clarity, the foregoing limitation applies to the Analytics Results and any other information derived from use of the Sift Services, as well as the Sift Service itself.

3.4 Notice and Consent. [CLIENT] will include on each [CLIENT] service and digital application or property (e.g., webpages, apps, endpoints) from which it collects Customer Data a readily accessible privacy policy that includes accurate disclosures concerning the processing activities undertaken in connection with this Agreement that complies with Applicable Laws, including: (i) the collection and processing of personal information for fraud detection and prevention purposes; (ii) the disclosure of personal information to a third party service provider for such purposes; and (iii) if applicable, the use of Snippets to collect and use Customer Data as described in this Agreement. For clarity, as between the parties, [CLIENT] is solely responsible for obtaining any necessary consents, permissions and approvals from and providing any notices to end users required by Applicable Laws and this Agreement in connection with the activities described in this Agreement. The parties will provide reasonable assistance and reasonably cooperate with each other to assist with each party's compliance with Applicable Laws and this Section.

3.5 Due Diligence and Remedial Action. [CLIENT] will cooperate with [CUSTOMER] in conducting reasonable due diligence into any complaint [CLIENT] or [CUSTOMER] receives relating to the use of the Sift Services, including with respect to any decisions made based on the Sift Services. [CLIENT] will cooperate with [CUSTOMER] to ensure appropriate action is taken in response to such complaints where necessary.